# I've got something and it's stubborn



## bart2brett (Jun 29, 2005)

I've got something but I can't put my finger on it. I keep getting these little pop-ups that just have an OK button and some garbage text, and selockdir in the header. I see it usually in Windows Explorer when trying to delete. Also when emptying the recycle bin. I also get a message saying the Platform service is not running (although I don't see a service called that).

Here's the stuff you need: (I had to submit the ARK.TXT as an attachment, as it was too long for the post.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:52 PM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mfsyncsv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\MImpPRO\MIProHst.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Documents and Settings\Pete\Desktop\dds.com
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=...il.live.com/default.aspx?n=808798880&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [MImpPro] C:\Program Files\MImpPRO\MIProHst.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1715567821-162531612-1801674531-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-1715567821-162531612-1801674531-1003 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User '?')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Link Commander collection - C:\Program Files\Link Commander\Libraries\add_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open in Web Archives Viewer - C:\Program Files\WebArchivesViewer\IEContext.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Show Link Commander - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCLaunch.dll
O9 - Extra 'Tools' menuitem: Show Link Commander - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCLaunch.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Add to collection - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCAdd.dll
O9 - Extra 'Tools' menuitem: Add to Link Commander collection - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCAdd.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1227406791671
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257564424453
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} (AIRJ01FPlayer.Player) - http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53}: NameServer = 10.9.60.1
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Fences\FencesMenu.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files\AVG\AVG10\avgfws.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBMR Scheduler - Unknown owner - C:\Program Files\Cristie\CBMR\_BSSVC.EXE
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DataMirror Transformation Server Access Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe
O23 - Service: DataMirror Transformation Server Integration Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MirrorFolder Auto-synchronization Service (mfsyncsv) - Techsoft - C:\WINDOWS\system32\mfsyncsv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 18032 bytes

*****************************************************************************************************************************************

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Pete at 21:01:19.53 on Tue 09/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
uWindow Title = Road Runner High Speed Online
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe
mRun: [nmctxth] c:\program files\common files\pure networks shared\platform\nmctxth.exe
mRun: [nmapp] c:\program files\pure networks\network magic\nmapp.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: Add to Link Commander collection - c:\program files\link commander\libraries\add_link.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\linkco~1\librar~1\LCLaunch.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\linkco~1\librar~1\LCAdd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: OPXPGina - 
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
LSA: Notification Packages = :\WINDOWS scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-09-07 20:23 --d-----	c:\windows\system32\CatRoot2
2010-09-05 23:11	38,848	a-------	c:\windows\avastSS.scr
2010-09-05 22:38 --d-----	c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-05 22:23	29,512	a-------	c:\windows\system32\TURegOpt.exe
2010-09-05 22:23	30,024	a-------	c:\windows\system32\uxtuneup.dll
2010-09-05 22:22 --d-----	c:\program files\TuneUp Utilities 2010
2010-09-02 22:32 --d-----	c:\docume~1\pete\applic~1\DataMirror
2010-09-01 17:47 --d-----	c:\docume~1\pete\applic~1\AVG10
2010-09-01 17:45 --d-h---	c:\docume~1\alluse~1\applic~1\Common Files
2010-09-01 17:43 --d-----	c:\windows\system32\drivers\AVG
2010-09-01 17:43 --d-----	c:\docume~1\alluse~1\applic~1\AVG10
2010-09-01 17:43 --d-----	c:\program files\AVG
2010-08-30 19:33	72,520	a-------	c:\windows\system32\drivers\ftser2k.sys
2010-08-30 19:33	206,144	a-------	c:\windows\system32\ftd2xx.dll
2010-08-30 19:33	120,136	a-------	c:\windows\system32\ftbusui.dll
2010-08-30 19:33	57,672	a-------	c:\windows\system32\drivers\ftdibus.sys
2010-08-30 19:33 --d-----	c:\program files\National Consumer Panel
2010-08-28 12:31 --d-----	c:\program files\Spirits of Metropolis v1.10
2010-08-28 12:05	116,736	a-------	c:\windows\system32\drivers\mcdbus.sys
2010-08-28 12:05 --d-----	c:\program files\MagicDisc
2010-08-28 11:43 --d-----	c:\docume~1\pete\applic~1\Verizon Wireless
2010-08-27 01:07 --d-----	c:\windows\system32\wbem\Repository
2010-08-26 22:31	16	----h---	c:\windows\lockdirs.dat
2010-08-26 22:27	0	a-------	C:\_tmp_file
2010-08-25 22:50 --d-----	c:\program files\PolderbitS
2010-08-25 22:41	51,200	a-------	c:\windows\system32\MirFolder.cfg
2010-08-25 22:39	131,072	a-------	c:\windows\system32\mkdw48.acy
2010-08-25 22:39	131,072	a-------	c:\windows\system32\MirDisk.cfg
2010-08-25 15:39	21,464	a-------	c:\windows\system32\NaBootMir.exe
2010-08-25 15:39	512	a-------	c:\windows\MirDetected.bin
2010-08-25 15:39	37,016	a-------	c:\windows\system32\drivers\FolderHK.sys
2010-08-25 15:39	33,896	a-------	c:\windows\system32\drivers\HKDirFlt.sys
2010-08-25 15:39	28,648	a-------	c:\windows\system32\drivers\MirDisk.sys
2010-08-23 13:27	27,064	a-------	c:\windows\system32\drivers\revoflt.sys
2010-08-23 13:27 --d-----	c:\program files\VS Revo Group
2010-08-23 11:13 --d-----	c:\program files\JPG2PDF
2010-08-20 14:09	298,320	a-------	c:\windows\system32\drivers\avgtdix.sys
2010-08-20 14:09	249,296	a-------	c:\windows\system32\drivers\avgldx86.sys
2010-08-20 14:09	26,064	a-------	c:\windows\system32\drivers\avgrkx86.sys
2010-08-17 08:30	16,640	a-------	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-08-17 08:30 --d-----	c:\program files\Daniusoft
2010-08-15 21:51	129,024	a-------	c:\windows\system32\AVERM.dll
2010-08-15 21:51	28,672	a-------	c:\windows\system32\AVEQT.dll
2010-08-15 21:51 --d-----	c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2010-08-14 12:42 --d-----	c:\documents and settings\pete\Downloads
2010-08-14 12:21 --d-----	c:\program files\RapidShareManager

==================== Find3M ====================

2010-08-04 20:25	23,456	a-------	c:\windows\system32\drivers\DrvAgent32.sys
2010-07-15 18:23	26,192	a-------	c:\windows\system32\drivers\AVGIDSShim.sys
2010-07-15 18:23	123,472	a-------	c:\windows\system32\drivers\AVGIDSDriver.sys
2010-07-15 18:23	30,288	a-------	c:\windows\system32\drivers\AVGIDSFilter.sys
2010-07-15 18:23	25,680	a-------	c:\windows\system32\drivers\AVGIDSEH.sys
2010-07-12 04:33	51,040	a-------	c:\windows\system32\avgfwdx.dll
2010-07-12 04:33	30,432	a-------	c:\windows\system32\drivers\avgfwdx.sys
2010-07-11 20:21	2,286,080	a-------	c:\windows\system32\TUKernel.exe
2010-06-30 08:31	149,504	a-------	c:\windows\system32\schannel.dll
2010-06-24 08:15	832,512	a-------	c:\windows\system32\wininet.dll
2010-06-24 08:15	78,336	a-------	c:\windows\system32\ieencode.dll
2010-06-24 08:15	17,408	a-------	c:\windows\system32\corpol.dll
2010-06-23 09:44	1,851,904	a-------	c:\windows\system32\win32k.sys
2010-06-17 10:03	80,384	a-------	c:\windows\system32\iccvid.dll
2010-06-14 10:31	744,448	a-------	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:41	1,172,480	a-------	c:\windows\system32\msxml3.dll
2010-05-21 21:13	256	a-------	c:\documents and settings\pete\pool.bin
2010-04-26 20:39	49,152	ac-sh---	c:\program files\Thumbs.db
2010-01-06 21:35	94,208	a-------	c:\docume~1\pete\applic~1\ezplay.sys
2010-01-06 21:35	87,608	a-------	c:\docume~1\pete\applic~1\inst.exe
2009-09-24 23:07	352,256	ac------	c:\program files\USBExtreme.exe
2009-07-23 14:49	72,569,774	ac------	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08	13,227,453	-c------	c:\program files\PROCESSLIST.DB
2009-02-03 18:08	1,118,656	-c------	c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47	47,360	-c------	c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44	81,920	ac------	c:\program files\sherlock.exe
2008-11-09 20:07	6,106,480	ac------	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30	39,060	ac------	c:\program files\Buffering2.jpg
2007-03-04 14:30	39,047	ac------	c:\program files\Buffering5.jpg
2007-03-04 14:30	39,040	ac------	c:\program files\Buffering1.jpg
2007-03-04 14:30	39,038	ac------	c:\program files\Buffering6.jpg
2007-03-04 14:30	39,035	ac------	c:\program files\Buffering4.jpg
2007-03-04 14:30	39,033	ac------	c:\program files\Buffering3.jpg
2007-03-04 14:30	39,020	ac------	c:\program files\Buffering7.jpg
2006-03-23 15:17	114,688	--------	c:\program files\igfxzoom.exe
2004-05-24 23:05	536,631	--------	c:\program files\procexp.exe
2003-04-29 05:33	1,328,198	-c------	c:\program files\TuMeDrum.exe
2000-11-12 16:48	220,160	-c------	c:\program files\acpu.exe
2006-05-03 06:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 07:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 09:30	216,064	---shr--	c:\windows\system32\nbDX.dll
2009-02-08 00:57	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat
2009-09-19 10:17	32,768	ac-sh---	c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 21:02:35.96 ===============


----------



## bart2brett (Jun 29, 2005)

There's more...now both of my laptops have the same infection. Malwarebytes reports Rogue.AntiVirusPro. in C:\Documents and Settings\Pete\Application Data\hkey_local_machine.reg


----------



## jmw3 (Jul 23, 2007)

Hello & Welcome to TechSupportGuy

Please *Subscribe to this Thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools*, then click *Subscribe to this Thread*. Make sure it is set to *Instant notification by email*, then click *Add Subscription*.

*In the meantime please note the following:*

Any recommendations made are for your computer problems only and should *NOT* be used on any other computer.
Please *DO NOT* run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them: 
1. The tools that we use are very powerful and can cause *>>irreparable damage<<* to your computer if not used correctly.
2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
*Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.*
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

*Because of this, I advise you to backup any personal files and folders before you start.*

Thanks



> There's more...now both of my laptops have the same infection


Please don't run the same fixes on both computers. We'll work on the first - that you have posted the logs for - then the second notebook.

*TFC (Temp File Cleaner)*
Download *TFC (Temp File Cleaner)* by Old Timer *Here* & save it to your desktop. 

Save any unsaved work. *TFC Cleaner* will close all open application windows
Double-click *TFC.exe* to run the program, your desktop will temporarily disappear
If prompted, click *Yes* to reboot
*Note:* _Save your work._ TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

*ComboFix*
Download *ComboFix* from one of these locations (*DO NOT* download ComboFix from anywhere else but one of the provided links):
*Link 1*
*Link 2*

***IMPORTANT !!! Save ComboFix.exe to your Desktop***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
*A guide to do this can be found here*
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of *C:\ComboFix.txt* in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

Then re-run both *DDS* & *Gmer*

To post in next reply:
ComboFix log
New DDS log
New Attach Log
New Gmer log
Update on how the computer is running


----------



## bart2brett (Jun 29, 2005)

Some notes:
* When I ran TFC I got the selockdir pop up for each file to delete. So I had to click OK to these and it took forever.

* Combofix started with an error box with an "I" in a text bubble and "OK". When clicked, the system rebooted. It came back to my wallpaper and the combofix command box and started running. It couldn't find the Windows Recovery Console and when I tried to download it, Combofix couldn't see that I was connected to the internet. So I clicked OK and the scan ran.

* Ran GMER again and it took all night. Then the system locked up when I tried to save the log. So there is no new ARK.TXT file.

ComboFix 10-09-08.02 - Pete 09/09/2010 12:59:58.2.2 - x86
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
_ ADS - WINDOWS: deleted 24 bytes in 1 streams. _

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pete\Application Data\EurekaLog
c:\documents and settings\Pete\Application Data\inst.exe
c:\windows\daemon.dll
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\2662017659.dat
c:\windows\system32\4221534445.dat
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\system
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-08 00:23 . 2010-09-09 17:09	--------	d-----w-	c:\windows\system32\CatRoot2
2010-09-06 03:11 . 2010-06-28 20:37	165456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-06 03:11 . 2010-06-28 20:32	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 03:11 . 2010-06-28 20:33	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-09-06 03:11 . 2010-06-28 20:37	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-09-06 03:11 . 2010-06-28 20:32	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-09-06 03:11 . 2010-06-28 20:32	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-09-06 03:11 . 2010-06-28 20:32	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-09-06 03:11 . 2010-06-28 20:57	38848	----a-w-	c:\windows\avastSS.scr
2010-09-06 03:11 . 2010-06-28 20:57	165032	----a-w-	c:\windows\system32\aswBoot.exe
2010-09-06 02:38 . 2010-09-06 03:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-06 02:23 . 2009-10-30 19:08	29512	----a-w-	c:\windows\system32\TURegOpt.exe
2010-09-06 02:23 . 2009-10-30 19:01	30024	----a-w-	c:\windows\system32\uxtuneup.dll
2010-09-06 02:22 . 2010-09-06 02:23	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-09-03 02:32 . 2010-09-03 02:32	307200	----a-w-	c:\documents and settings\Pete\Application Data\DataMirror\Management Console\configuration\org.eclipse.osgi\bundles\61\1\.cp\swt-win32-3346.dll
2010-09-03 02:32 . 2010-09-03 02:32	--------	d-----w-	c:\documents and settings\Pete\Application Data\DataMirror
2010-09-01 21:47 . 2010-09-01 21:47	--------	d-----w-	c:\documents and settings\Pete\Application Data\AVG10
2010-09-01 21:45 . 2010-09-01 21:45	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2010-09-01 21:43 . 2010-09-06 00:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG10
2010-09-01 21:43 . 2010-09-05 22:26	--------	d-----w-	c:\windows\system32\drivers\AVG
2010-09-01 21:43 . 2010-09-06 00:52	--------	d-----w-	c:\program files\AVG
2010-08-30 23:33 . 2009-02-17 12:17	72520	----a-w-	c:\windows\system32\drivers\ftser2k.sys
2010-08-30 23:33 . 2009-02-17 12:19	57672	----a-w-	c:\windows\system32\drivers\ftdibus.sys
2010-08-30 23:33 . 2009-02-17 10:23	206144	----a-w-	c:\windows\system32\ftd2xx.dll
2010-08-30 23:33 . 2009-02-17 10:22	120136	----a-w-	c:\windows\system32\ftbusui.dll
2010-08-30 23:33 . 2010-08-30 23:33	--------	d-----w-	c:\program files\National Consumer Panel
2010-08-28 16:31 . 2010-08-28 16:40	--------	d-----w-	c:\program files\Spirits of Metropolis v1.10
2010-08-28 16:05 . 2009-02-24 22:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2010-08-28 16:05 . 2010-08-28 16:05	--------	d-----w-	c:\program files\MagicDisc
2010-08-28 15:43 . 2010-08-28 15:43	--------	d-----w-	c:\documents and settings\Pete\Application Data\Verizon Wireless
2010-08-27 05:07 . 2010-08-27 05:07	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-08-27 02:31 . 2010-09-06 23:53	16	---h--w-	c:\windows\lockdirs.dat
2010-08-26 02:50 . 2010-08-26 02:50	--------	d-----w-	c:\program files\PolderbitS
2010-08-25 19:39 . 2010-06-28 22:04	21464	----a-w-	c:\windows\system32\NaBootMir.exe
2010-08-25 19:39 . 2010-02-24 21:16	512	----a-w-	c:\windows\MirDetected.bin
2010-08-25 19:39 . 2010-06-23 14:09	28648	----a-w-	c:\windows\system32\drivers\MirDisk.sys
2010-08-25 19:39 . 2010-06-23 14:09	33896	----a-w-	c:\windows\system32\drivers\HKDirFlt.sys
2010-08-25 19:39 . 2010-06-23 14:09	37016	----a-w-	c:\windows\system32\drivers\FolderHK.sys
2010-08-23 17:27 . 2009-12-30 15:20	27064	----a-w-	c:\windows\system32\drivers\revoflt.sys
2010-08-23 17:27 . 2010-08-23 17:27	--------	d-----w-	c:\program files\VS Revo Group
2010-08-23 15:13 . 2010-08-27 05:05	--------	d-----w-	c:\program files\JPG2PDF
2010-08-23 03:00 . 2010-08-23 03:00	--------	d-----w-	c:\documents and settings\LocalService\Application Data\TuneUp Software
2010-08-21 17:51 . 2010-08-21 17:51	34384	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-08-20 18:09 . 2010-08-20 18:09	298320	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-08-20 18:09 . 2010-08-20 18:09	249296	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-08-20 18:09 . 2010-08-20 18:09	26064	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-08-17 12:30 . 2009-09-03 14:37	16640	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-08-17 12:30 . 2010-08-17 12:30	--------	d-----w-	c:\program files\Daniusoft
2010-08-16 01:51 . 2007-04-12 18:19	129024	----a-w-	c:\windows\system32\AVERM.dll
2010-08-16 01:51 . 2006-09-26 17:57	28672	----a-w-	c:\windows\system32\AVEQT.dll
2010-08-16 01:51 . 2010-08-16 01:51	--------	d-----w-	c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2010-08-14 16:42 . 2010-08-14 20:00	--------	d-----w-	c:\documents and settings\Pete\Downloads
2010-08-14 16:21 . 2010-08-28 17:33	--------	d-----w-	c:\program files\RapidShareManager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 02:48 . 2009-02-09 02:00	--------	d-----w-	c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com
2010-09-09 02:48 . 2009-02-03 02:39	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-07 16:14 . 2008-11-26 02:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sonic
2010-09-07 16:14 . 2009-12-30 00:22	--------	d-----w-	c:\program files\Roxio 2010
2010-09-07 01:23 . 2009-02-14 20:04	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-09-06 23:53 . 2010-04-28 19:31	112	-c-h--w-	c:\windows\encdirs.dat
2010-09-06 23:52 . 2010-04-28 19:17	48	-c-h--w-	c:\windows\PwdManage.dat
2010-09-06 23:48 . 2010-04-28 19:14	37	----a-w-	c:\windows\sepath.dat
2010-09-06 23:32 . 2008-12-05 02:17	--------	d-----w-	c:\program files\Roxio
2010-09-06 23:32 . 2008-11-26 02:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Roxio
2010-09-06 23:32 . 2008-11-26 03:10	--------	d-----w-	c:\documents and settings\Pete\Application Data\Roxio
2010-09-06 02:38 . 2009-02-11 15:32	--------	d-----w-	c:\program files\Alwil Software
2010-09-04 00:51 . 2008-11-27 04:52	--------	d-----w-	c:\program files\Easy File & Folder Protector
2010-09-04 00:48 . 2009-10-24 02:39	--------	d-----w-	c:\program files\Cool MP3 Splitter
2010-09-03 21:49 . 2009-04-23 01:29	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 01:31 . 2009-07-27 03:09	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-01 22:13 . 2009-12-19 00:28	--------	d-----w-	c:\program files\Makayama
2010-09-01 22:04 . 2010-03-30 14:23	--------	d-----w-	c:\program files\RegCure
2010-08-31 14:26 . 2009-08-31 01:49	--------	d-----w-	c:\program files\ACNielsen
2010-08-30 23:33 . 2008-11-22 01:47	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-28 15:58 . 2009-10-16 02:44	--------	d-----w-	c:\program files\Xvid
2010-08-28 15:58 . 2009-08-25 18:28	--------	d-----w-	c:\program files\speaktext
2010-08-28 15:58 . 2009-03-29 02:50	--------	d-----w-	c:\program files\Zinio
2010-08-28 15:58 . 2010-05-11 02:30	--------	d-----w-	c:\program files\SoundmaskerDeluxe
2010-08-28 15:58 . 2009-09-07 02:05	--------	d-----w-	c:\program files\RP3.1
2010-08-28 15:58 . 2009-07-28 18:07	--------	d-----w-	c:\program files\Spotmau
2010-08-28 15:58 . 2008-12-13 23:32	--------	d-----w-	c:\program files\QuickPar
2010-08-28 15:58 . 2010-05-10 23:47	--------	d-----w-	c:\program files\Atmosphere Deluxe
2010-08-28 15:58 . 2010-01-30 22:05	--------	d-----w-	c:\program files\BitTorrent
2010-08-28 15:58 . 2010-01-30 22:05	--------	d-----w-	c:\documents and settings\Pete\Application Data\BitTorrent
2010-08-28 15:44 . 2009-02-11 15:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-08-26 03:08 . 2010-07-24 21:54	477744	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-25 19:39 . 2010-04-28 19:14	--------	d-----w-	c:\program files\Wondershare
2010-08-19 01:51 . 2008-12-13 23:53	--------	d-----w-	c:\program files\dvdSanta
2010-08-11 02:48 . 2008-11-22 02:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 22:40 . 2009-02-08 16:46	109760	-c--a-w-	c:\documents and settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 00:59 . 2010-08-07 00:59	--------	d-----w-	c:\documents and settings\Pete\Application Data\Resort Labs
2010-08-07 00:59 . 2010-08-07 00:59	--------	d-----w-	c:\program files\Link Commander
2010-08-05 00:25 . 2010-08-05 00:25	23456	----a-w-	c:\windows\system32\drivers\DrvAgent32.sys
2010-07-31 20:58 . 2010-07-31 20:58	--------	d-----w-	c:\program files\SharpC
2010-07-31 16:45 . 2008-11-26 03:09	256	----a-w-	c:\windows\system32\pool.bin
2010-07-30 22:02 . 2010-07-30 21:51	--------	d-----w-	c:\program files\SpeedFan
2010-07-30 02:46 . 2010-07-30 02:44	--------	d-----w-	c:\program files\Driver Magician
2010-07-24 20:55 . 2010-07-24 20:52	--------	d-----w-	c:\documents and settings\Pete\Application Data\Western DigitalTemp
2010-07-24 20:55 . 2010-07-24 20:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Western Digital
2010-07-24 19:46 . 2010-07-24 19:46	--------	d-----w-	c:\documents and settings\Pete\Application Data\Western Digital
2010-07-24 19:43 . 2010-07-24 19:43	--------	d-----w-	c:\program files\Western Digital
2010-07-23 00:29 . 2010-07-23 00:29	--------	d-----w-	c:\documents and settings\Pete\Application Data\Xilisoft
2010-07-23 00:22 . 2008-12-14 23:47	--------	d-----w-	c:\documents and settings\Pete\Application Data\Vso
2010-07-22 16:12 . 2008-11-27 03:04	--------	d-----w-	c:\program files\Google
2010-07-15 22:23 . 2010-07-15 22:23	26192	----a-w-	c:\windows\system32\drivers\AVGIDSShim.sys
2010-07-15 22:23 . 2010-07-15 22:23	30288	----a-w-	c:\windows\system32\drivers\AVGIDSFilter.sys
2010-07-15 22:23 . 2010-07-15 22:23	25680	----a-w-	c:\windows\system32\drivers\AVGIDSEH.sys
2010-07-15 22:23 . 2010-07-15 22:23	123472	----a-w-	c:\windows\system32\drivers\AVGIDSDriver.sys
2010-07-12 23:16 . 2010-07-12 23:16	3638	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_3D3DC91FC9DD2637D12FA2.exe
2010-07-12 23:16 . 2010-07-12 23:16	3638	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_31FAD3247F4B0F6385E90B.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_F8397BE02F4D062C7D8582.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_7EA93AB4D6B360FE8F56BE.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_380E8673AD6BA4E7CFE666.exe
2010-07-12 23:16 . 2010-07-12 23:16	--------	d-----w-	c:\program files\Teorex
2010-07-12 08:33 . 2010-07-12 08:33	51040	----a-w-	c:\windows\system32\avgfwdx.dll
2010-07-12 08:33 . 2010-07-12 08:33	30432	----a-w-	c:\windows\system32\drivers\avgfwdx.sys
2010-07-12 00:21 . 2010-07-11 22:57	2286080	----a-w-	c:\windows\system32\TUKernel.exe
2010-06-30 12:31 . 2008-11-23 04:26	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2006-03-04 03:33	832512	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-11-23 04:27	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-11-23 04:27	17408	----a-w-	c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2008-11-23 04:26	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-11-23 04:26	354304	------w-	c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-11-23 04:27	80384	----a-w-	c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-11-23 04:27	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-11-23 04:27	1172480	----a-w-	c:\windows\system32\msxml3.dll
2010-06-13 23:26 . 2010-06-13 23:26	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-06-13 19:54 . 2010-06-13 19:54	2	--shatr-	c:\windows\winstart.bat
2010-04-27 00:39 . 2010-04-26 02:44	49152	-csha-w-	c:\program files\Thumbs.db
2009-09-25 03:07 . 2009-09-25 03:07	352256	-c--a-w-	c:\program files\USBExtreme.exe
2009-07-23 18:49 . 2009-11-24 23:41	72569774	-c--a-w-	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 22:08 . 2009-02-09 01:48	13227453	-c----w-	c:\program files\PROCESSLIST.DB
2009-02-03 22:08 . 2009-02-09 01:48	1118656	-c----w-	c:\program files\PROCESSLISTRELATED.DB
2008-12-01 00:44 . 2008-12-01 00:44	81920	-c--a-w-	c:\program files\sherlock.exe
2008-11-10 00:07 . 2009-12-24 01:18	6106480	-c--a-w-	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 18:30 . 2007-03-04 18:30	39060	-c--a-w-	c:\program files\Buffering2.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39047	-c--a-w-	c:\program files\Buffering5.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39040	-c--a-w-	c:\program files\Buffering1.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39038	-c--a-w-	c:\program files\Buffering6.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39035	-c--a-w-	c:\program files\Buffering4.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39033	-c--a-w-	c:\program files\Buffering3.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39020	-c--a-w-	c:\program files\Buffering7.jpg
2006-03-23 19:17 . 2008-11-27 02:52	114688	------w-	c:\program files\igfxzoom.exe
2004-05-25 03:05 . 2008-11-22 02:55	536631	------w-	c:\program files\procexp.exe
2003-04-29 09:33 . 2008-11-27 05:13	1328198	-c----w-	c:\program files\TuMeDrum.exe
2000-11-12 20:48 . 2008-11-27 04:41	220160	-c----w-	c:\program files\acpu.exe
2006-05-03 10:06 . 2010-03-27 16:28	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-27 16:28	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-27 16:28	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-11-19 472112]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"MImpPro"="c:\program files\MImpPRO\MIProHst.exe" [2000-03-17 48128]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-28 576000]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe [2008-11-26 12693504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0NaBootMir

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
path=c:\documents and settings\Pete\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
backup=c:\windows\pss\Creative Element Power Tools Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Registration-Studio 8 LE.lnk]
backup=c:\windows\pss\Registration-Studio 8 LE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
2010-02-05 17:05	625152	----a-w-	c:\program files\Spotmau\secretary\Spotmau_S.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-26 21:07	2424560	----a-w-	c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\D-Link\\SharePort\\SharePort Network USB Utility.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\program files\Common Files\Agilix\GoBinder\Binder.exe"= c:\program files\Common Files\Agilix\GoBinder\Binder.exe:127.0.0.1/255.255.255.255:Enabled:Agilix GoBinder
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Help Systems\\Robot CONSOLE 5\\RobotConsole.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 06\\updater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\JDownloader_PortableApps\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Program Files\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbopcon.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Satellite TV for PC 2009 Titanium Edition (Portable)\\PC Satellite TV.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57970:TCP"= 57970:TCP:PandoRest Listening Port
"9303:UDP"= 9303:UDP:SharePort Network USB Utility UDP Port

R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [x]
R2 bsaspi32;bsaspi32; [x]
R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;c:\program files\BVRP Connection Manager\BVRPNDIS.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-07-15 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-07-15 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-07-15 26192]
R3 CBMR Scheduler;CBMR Scheduler;c:\program files\Cristie\CBMR\_BSSVC.EXE [2006-10-31 36864]
R3 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
R3 DataMirror Transformation Server Access Server;DataMirror Transformation Server Access Server;c:\program files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe [2008-02-29 90112]
R3 DataMirror Transformation Server Integration Server;DataMirror Transformation Server Integration Server;c:\program files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe [2008-02-29 90112]
R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\Drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-05 23456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [2009-06-05 434176]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2009-03-19 27904]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2009-03-19 1190784]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2009-03-19 1187072]
R3 L6PODLV;PODxt Live Service;c:\windows\system32\Drivers\L6PODLV.sys [2010-04-03 571136]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 NUVision;Pinnacle LINX;c:\windows\system32\DRIVERS\NUVision.sys [2000-07-16 136352]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
R3 SKYNETU;B2C2 Broadband Receiver USB Adapter;c:\windows\system32\DRIVERS\SkyNETU.SYS [2003-08-19 513688]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-03 457200]
R4 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R4 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-03-29 717296]
R4 TS EA Access Server;TS EA Access Server;c:\program files\DataMirror\TS EA\dmservserv.exe [2006-01-27 57344]
R4 TS EA Integration Server;TS EA Integration Server;c:\program files\DataMirror\TS EA\dmis.exe [2006-01-27 49152]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-07-15 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-08-20 26064]
S0 d346prt;d346prt;c:\windows\System32\Drivers\d346prt.sys [2004-03-13 5248]
S0 HKDirFlt;Wondershare HKDirFlt;c:\windows\system32\drivers\HKDirFlt.sys [2010-06-23 33896]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-13 40560]
S0 MirDisk;Wondershare Time Freeze;c:\windows\system32\drivers\MirDisk.sys [2010-06-23 28648]
S0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\System32\drivers\mrfoldr.sys [2008-07-27 77304]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-08-20 249296]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-08-20 298320]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 229312]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-30 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [2008-07-27 127352]
S2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\DRIVERS\pnpcap.sys [2008-12-14 23344]
S2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [2008-10-01 64888]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
S2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-02-05 354176]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-08 185640]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\DlinkUDSMBus.sys [2008-11-11 74624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-09-03 16640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 19:12]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 22:04]

2010-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-162531612-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-162531612-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
IE: Add to Link Commander collection - c:\program files\Link Commander\Libraries\add_link.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\WebArchivesViewer\IEContext.htm
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\LINKCO~1\LIBRAR~1\LCLaunch.dll
IE: {{4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\LINKCO~1\LIBRAR~1\LCAdd.dll
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-OPXPGina - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 13:10
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-162531612-1801674531-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"=""
"Increment"=".002874"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
@Denied: (A 2 3) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
@="%SystemRoot%\\Explorer.exe"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
@="DAO.Client"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
@="{6687A87F-0520-6642-8336-6E686B6F6E71}"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1444)
c:\program files\Softex\OmniPass\ginastub.dll
c:\program files\Softex\OmniPass\ssplogon.dll
c:\program files\Softex\OmniPass\RandomPass.dll
c:\program files\Softex\OmniPass\cryptodll.dll
c:\program files\Softex\OmniPass\storeng.dll
c:\program files\Softex\OmniPass\autheng.dll
c:\program files\Softex\OmniPass\userdata.dll
c:\program files\Softex\OmniPass\hdddrv.dll
c:\program files\Softex\OmniPass\ldapdrv.dll
c:\program files\Softex\OmniPass\cachedrv.dll
c:\program files\Softex\OmniPass\mstrpwd.dll

- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\Fences\FencesMenu.dll
c:\program files\fences\DesktopDock.dll
c:\program files\Wondershare\SafeLock\selockdir.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2010-09-09 13:24:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-09 17:24
ComboFix2.txt 2009-02-10 14:20

Pre-Run: 12,130,922,496 bytes free
Post-Run: 11,904,819,200 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - C3C9012AE1515778D5F470D093B45C9C


----------



## bart2brett (Jun 29, 2005)

Here is the DDS

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Pete at 14:13:52.45 on Thu 09/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
mRun: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe
mRun: [nmctxth] c:\program files\common files\pure networks shared\platform\nmctxth.exe
mRun: [nmapp] c:\program files\pure networks\network magic\nmapp.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-652 xtreme n notebook adapter\wirelesscm.exe
IE: Add to Link Commander collection - c:\program files\link commander\libraries\add_link.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\linkco~1\librar~1\LCLaunch.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\linkco~1\librar~1\LCAdd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-09-09 12:32	77,312	a-------	c:\windows\MBR.exe
2010-09-09 12:32	256,512	a-------	c:\windows\PEV.exe
2010-09-07 20:23 --d-----	c:\windows\system32\CatRoot2
2010-09-05 23:11	38,848	a-------	c:\windows\avastSS.scr
2010-09-05 22:38 --d-----	c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-05 22:23	29,512	a-------	c:\windows\system32\TURegOpt.exe
2010-09-05 22:23	30,024	a-------	c:\windows\system32\uxtuneup.dll
2010-09-05 22:22 --d-----	c:\program files\TuneUp Utilities 2010
2010-09-02 22:32 --d-----	c:\docume~1\pete\applic~1\DataMirror
2010-09-01 17:47 --d-----	c:\docume~1\pete\applic~1\AVG10
2010-09-01 17:45 --d-h---	c:\docume~1\alluse~1\applic~1\Common Files
2010-09-01 17:43 --d-----	c:\windows\system32\drivers\AVG
2010-09-01 17:43 --d-----	c:\docume~1\alluse~1\applic~1\AVG10
2010-09-01 17:43 --d-----	c:\program files\AVG
2010-08-30 19:33	72,520	a-------	c:\windows\system32\drivers\ftser2k.sys
2010-08-30 19:33	206,144	a-------	c:\windows\system32\ftd2xx.dll
2010-08-30 19:33	120,136	a-------	c:\windows\system32\ftbusui.dll
2010-08-30 19:33	57,672	a-------	c:\windows\system32\drivers\ftdibus.sys
2010-08-30 19:33 --d-----	c:\program files\National Consumer Panel
2010-08-28 12:31 --d-----	c:\program files\Spirits of Metropolis v1.10
2010-08-28 12:05	116,736	a-------	c:\windows\system32\drivers\mcdbus.sys
2010-08-28 12:05 --d-----	c:\program files\MagicDisc
2010-08-28 11:43 --d-----	c:\docume~1\pete\applic~1\Verizon Wireless
2010-08-27 01:07 --d-----	c:\windows\system32\wbem\Repository
2010-08-26 22:31	16	----h---	c:\windows\lockdirs.dat
2010-08-26 22:27	0	a-------	C:\_tmp_file
2010-08-25 22:50 --d-----	c:\program files\PolderbitS
2010-08-25 22:41	51,200	a-------	c:\windows\system32\MirFolder.cfg
2010-08-25 22:39	131,072	a-------	c:\windows\system32\mkdw48.acy
2010-08-25 22:39	131,072	a-------	c:\windows\system32\MirDisk.cfg
2010-08-25 15:39	21,464	a-------	c:\windows\system32\NaBootMir.exe
2010-08-25 15:39	512	a-------	c:\windows\MirDetected.bin
2010-08-25 15:39	37,016	a-------	c:\windows\system32\drivers\FolderHK.sys
2010-08-25 15:39	33,896	a-------	c:\windows\system32\drivers\HKDirFlt.sys
2010-08-25 15:39	28,648	a-------	c:\windows\system32\drivers\MirDisk.sys
2010-08-23 13:27	27,064	a-------	c:\windows\system32\drivers\revoflt.sys
2010-08-23 13:27 --d-----	c:\program files\VS Revo Group
2010-08-23 11:13 --d-----	c:\program files\JPG2PDF
2010-08-20 14:09	298,320	a-------	c:\windows\system32\drivers\avgtdix.sys
2010-08-20 14:09	249,296	a-------	c:\windows\system32\drivers\avgldx86.sys
2010-08-20 14:09	26,064	a-------	c:\windows\system32\drivers\avgrkx86.sys
2010-08-17 08:30	16,640	a-------	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-08-17 08:30 --d-----	c:\program files\Daniusoft
2010-08-15 21:51	129,024	a-------	c:\windows\system32\AVERM.dll
2010-08-15 21:51	28,672	a-------	c:\windows\system32\AVEQT.dll
2010-08-15 21:51 --d-----	c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2010-08-14 12:42 --d-----	c:\documents and settings\pete\Downloads
2010-08-14 12:21 --d-----	c:\program files\RapidShareManager

==================== Find3M ====================

2010-08-04 20:25	23,456	a-------	c:\windows\system32\drivers\DrvAgent32.sys
2010-07-15 18:23	26,192	a-------	c:\windows\system32\drivers\AVGIDSShim.sys
2010-07-15 18:23	123,472	a-------	c:\windows\system32\drivers\AVGIDSDriver.sys
2010-07-15 18:23	30,288	a-------	c:\windows\system32\drivers\AVGIDSFilter.sys
2010-07-15 18:23	25,680	a-------	c:\windows\system32\drivers\AVGIDSEH.sys
2010-07-12 04:33	51,040	a-------	c:\windows\system32\avgfwdx.dll
2010-07-12 04:33	30,432	a-------	c:\windows\system32\drivers\avgfwdx.sys
2010-07-11 20:21	2,286,080	a-------	c:\windows\system32\TUKernel.exe
2010-06-30 08:31	149,504	a-------	c:\windows\system32\schannel.dll
2010-06-24 08:15	832,512	a-------	c:\windows\system32\wininet.dll
2010-06-24 08:15	78,336	a-------	c:\windows\system32\ieencode.dll
2010-06-24 08:15	17,408	a-------	c:\windows\system32\corpol.dll
2010-06-23 09:44	1,851,904	a-------	c:\windows\system32\win32k.sys
2010-06-17 10:03	80,384	a-------	c:\windows\system32\iccvid.dll
2010-06-14 10:31	744,448	a-------	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:41	1,172,480	a-------	c:\windows\system32\msxml3.dll
2010-05-21 21:13	256	a-------	c:\documents and settings\pete\pool.bin
2010-04-26 20:39	49,152	ac-sh---	c:\program files\Thumbs.db
2010-01-06 21:35	94,208	a-------	c:\docume~1\pete\applic~1\ezplay.sys
2009-09-24 23:07	352,256	ac------	c:\program files\USBExtreme.exe
2009-07-23 14:49	72,569,774	ac------	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08	13,227,453	-c------	c:\program files\PROCESSLIST.DB
2009-02-03 18:08	1,118,656	-c------	c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47	47,360	-c------	c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44	81,920	ac------	c:\program files\sherlock.exe
2008-11-09 20:07	6,106,480	ac------	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30	39,060	ac------	c:\program files\Buffering2.jpg
2007-03-04 14:30	39,047	ac------	c:\program files\Buffering5.jpg
2007-03-04 14:30	39,040	ac------	c:\program files\Buffering1.jpg
2007-03-04 14:30	39,038	ac------	c:\program files\Buffering6.jpg
2007-03-04 14:30	39,035	ac------	c:\program files\Buffering4.jpg
2007-03-04 14:30	39,033	ac------	c:\program files\Buffering3.jpg
2007-03-04 14:30	39,020	ac------	c:\program files\Buffering7.jpg
2006-03-23 15:17	114,688	--------	c:\program files\igfxzoom.exe
2004-05-24 23:05	536,631	--------	c:\program files\procexp.exe
2003-04-29 05:33	1,328,198	-c------	c:\program files\TuMeDrum.exe
2000-11-12 16:48	220,160	-c------	c:\program files\acpu.exe
2006-05-03 06:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 07:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 09:30	216,064	---shr--	c:\windows\system32\nbDX.dll
2009-02-08 00:57	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 14:14:26.43 ===============


----------



## bart2brett (Jun 29, 2005)

And the Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

5.0
Aaron's WebVacuum 2
Absolute Fretboard Trainer PRO
Absolute MP3 Splitter version 2.8.7
ACDSee Pro 3
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Alchemy Deluxe
ALi USB2.0 Driver
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
Allstate Home Inventory 3.08
Amazing Adventures: The Lost Tomb
Amazon MP3 Downloader 1.0.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AstroPop Deluxe
Atari: The 80 Classic Games
Atmosphere Deluxe v7.0
Atomica Deluxe
AudibleManager
Avi2Dvd 0.5
Avidemux 2.4
AviSynth 2.5
Bejeweled 2 Deluxe 1.1
Bejeweled Deluxe
Bejeweled Twist 1.0.3.7482
Beyond Compare Version 2.5.3
Big Kahuna Reef
Big Money Deluxe
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlindWrite 6
Bonjour
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
Canopus Codec Option
CBMR 5.0.1
Channel Master
Chuzzle Deluxe
CinemaNow Media Manager
Cisco Network Magic
ClocX (1.5b2)
Collectorz.com Movie Collector
Combined Community Codec Pack 2007-07-22
COMODO Internet Security
ConvertXtoDVD 3.3.2.100
Cool MP3 Splitter 2.2
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - VSTA
Coupon Printer for Windows
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
D'Accord Guitar Chord Dictionary 3.0
D-Link DWA-652 Xtreme N Notebook Adapter
Daniusoft Digital Music Converter(Build 2.4.3.0)
DataMirror Enterprise Administrator
DataMirror Transformation Server Access Control
DataMirror Transformation Server Management Console
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash 2
DirectX 9 Runtime
Disk Investigator 1.4
DivX Codec
Driver Magician 3.5
DriverAgent by eSupport.com
Duplicate File Remover
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVD to iPod Converter 4
DVDFab 6.0.6.0 (04/09/2009)
dvdSanta 4.50
Dynomite Deluxe
EA SPORTS online 2006
Easy File & Folder Protector v4.2
ebgcInfra
ebgcRes
ebgcSDK
emlOpenView 1.6
eWallet 6.1 for BlackBerry
EZ Guitar Tabs
Family Feud
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Fences
ffdshow [rev 2583] [2009-01-05]
FileZilla Client 3.2.7.1
Finale NotePad 2004
Firebird SQL Server - MAGIX Edition
FLV Converter 2.5
Folder Marker Home v 3.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
FranklinCovey PlanPlus for Windows
Garmin City Navigator North America NT 2010.10 Update
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2010.40
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GCH Guitar academy
Giganews Accelerator
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GSM 1.1.4.2
GST 2.3.8.4
Guitar Chord Buster Pro 4.4.0
Guitar FX BOX 2.6
Guitar Pro 5.2
GuitarCourses.ws Fretboard Trainer 1.0
Haali Media Splitter
Hammer Heads Deluxe
Hauppauge WinTV 7
Heavy Weapon Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB954550-v5)
Hoyle Card Games 2010 (remove only)
IBM iSeries Access for Windows
Iggle Pop Deluxe
ImagXpress
Inpaint
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
InterCall Web Meeting
Internet Transporter - NCP Link
Inzomia Viewer 3.11
IrfanView (remove only)
ISO Recorder
IsoBuster 2.5.5
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java(TM) 6 Update 20
JPG2PDF 2.2
Junk Mail filter update
Kate's Video Converter
LekuSoft Blu ray Ripper 5.50
LightZone 3.7
Line 6 Edit (remove only)
Line 6 Uninstaller
Link Commander
Logitech MouseWare 9.79 
Madden NFL 06
Magic Match
MagicDisc 2.7.106
MAGIX Music Maker 15 Premium Download version 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Mahjong Escape: Ancient Japan
Malwarebytes' Anti-Malware
MediaSPace
MessageViewer Pro 3.1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese TTS 5.1
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
MirrorFolder 4.1.194.18 (Retail)
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.8)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Mummy Maze Deluxe
MusicLab RealGuitar 2.0
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
n-Track Studio 6
NCP Internet Transporter
Nero 7 Ultra Edition
Nero ControlCenter
neroxml
Network Magic
Nevo Audio Splitter 2.1
NewsLeecher v3.9 Final
NingPo MahJong Deluxe
Noah's Ark Deluxe
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OmniPass 7.00.08
Opera 9.64
OZ776 SCR Driver V1.1.4.204
Pacific Fighters
Paragon Drive Copy™ 9.5 Personal
PartitionMagic
PayPal Plug-In
Pcsx2 0.9.6
Peggle Deluxe
PerfectDisk 10 Professional
PFConfig 1.0.278
PFPortChecker 1.0.32
Photo DVD Maker Professional 8.08
Photo Stamp Remover 2.0
PictureToTV 1.20
Pinnacle Studio LINX
Pixelus Deluxe
PizzaFrenzy
Platypus
PlayStation(R)Network Downloader
PlayStation(R)Store
PolderbitS Sound Recorder and Editor
PowerDVD
PowerDVD Ultra
PowerQuest PartitionMagic 8.0
Privacy Eraser Pro
ProCoder 3
Product Key Explorer 2.4.3
Pure Networks Platform
QBeez 2
QFolder
QuickTime
Radioshack USB-to-Serial cable
RapidShare Manager
RealPlayer
RealUpgrade 1.0
Registry Mechanic 8.0
Replay Media Catcher 3.02
ResumeMaker Ultimate
Revo Uninstaller Pro 2.1.5
Road Runner Install
Road Runner Medic 6.1
Robot/CONSOLE 5
Robot/NETWORK 10
Robot/SCHEDULE 10
Rocket Mania Deluxe
Rollcage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio Venue
Roxio Video Capture USB
RSA SecurID Software Token
Sandlot Games Client Services 1.2.2
SAPI Wrapper
Satellite TV PC Master v6.0
Save Flash 4.1
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Segoe UI
Setup
Seven Seas Deluxe
SharePort Network USB Utility
SigmaTel Audio
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
SnagIt 8
Sony Media Manager for PSP 3.0
Sony Noise Reduction Plug-In 2.0h
SopCast 3.0.3
SpeakText v20090219
Speed Meter Pro
SpeedFan (remove only)
Spirits of Metropolis v1.10
Spotmau 5.1.2.6407
SRS Audio Sandbox
Studio 8
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Super Collapse 3
Super Internet TV v8.0 (Premium Edition)
System Explorer 1.5
Talismania Deluxe
TeamViewer 5
Text-To-Speech-Runtime
The KMPlayer (remove only)
TipTop Deluxe
Tradewinds Legends
TTS Wrapper
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Turbo Tax Audit Support Center 2.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TVUPlayer 2.4.9.1
TWC Customer Controls
Typer Shark Deluxe
U3Launcher
Ubee USB RNDIS and NDIS Driver 
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Veetle TV 0.9.16
Venice Deluxe
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.4
VPN Client
Water Bugs
WD SmartWare
WebArchivesViewer
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WinX HD Video Converter Deluxe 3.7
WM Recorder 12.1
Wondershare Time Freeze
Word Harmony Deluxe
Xilisoft Video Converter Ultimate 6
Xilisoft Video Cutter
Xvid 1.2.1 final uninstall
Zinio Reader
Zuma Deluxe

==== End Of File ===========================


----------



## jmw3 (Jul 23, 2007)

Apologies for the delay... I'll get back to you as soon as I can.


----------



## jmw3 (Jul 23, 2007)

Hi

A bit to do here. Your logs are showing signs of having multiple Anti-Virus programs installed. Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
If you have not already done so, remove both *Avast 5 & AVG10*, then run the following removal tools to clean up the leftovers (run these even if you have already uninstalled the programs):
http://www.avast.com/uninstall-utility
http://www.avg.com/us-en/download-tools

*ComboFix*
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Scroll down to *Step 1* (where it says: *Step 1: Download the Setup disk program*), & select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.
*Note: If you have SP3, use the SP2 package.*
Save the file to the desktop of your computer
*Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Drag the setup package onto ComboFix.exe and drop it
If prompted by ComboFix to update, please do so
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console
At the next prompt, click *No* to exit
*CFScript*
Close any open browsers.
Open *notepad* and copy/paste the text in the code box below into it:


```
Rootkit::
c:\windows\system32\drivers\TDSSserv.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\drivers\TDSSoiqh.dll
c:\windows\system32\drivers\TDSSoiqh.dat
c:\windows\system32\drivers\TDSStkdu.dll
c:\windows\system32\drivers\TDSSbubx.dll
c:\windows\system32\drivers\TDSSvvbj.dll
c:\windows\system32\drivers\TDSSbivk.dll
c:\windows\system32\drivers\TDSSkpjp.log
c:\windows\system32\drivers\TDSSuyfh.dll
c:\windows\system32\drivers\TDSSjllx.log
c:\windows\system32\drivers\TDSSolnk.log
Driver::
TDSSserv
TDSSpqlt
File::
c:\windows\lockdirs.dat
c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
DDS::
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
RegNul::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\User Data\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
FixCSet::
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at *"C:\ComboFix.txt"*
*Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall*
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

Re-run DDS ensuring that your Anti-virus & Anti-spyware programs are correctly disabled.

To post in next reply:
ComboFix log
New DDS log
New Attach log


----------



## bart2brett (Jun 29, 2005)

ComboFix 10-09-08.02 - Pete 09/11/2010 15:30:32.4.2 - x86
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll"
"c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll"
"c:\windows\lockdirs.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
c:\windows\lockdirs.dat

.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-08 00:23 . 2010-09-11 19:38	--------	d-----w-	c:\windows\system32\CatRoot2
2010-09-06 03:11 . 2010-06-28 20:57	38848	----a-w-	c:\windows\avastSS.scr
2010-09-06 02:38 . 2010-09-06 03:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-06 02:23 . 2009-10-30 19:08	29512	----a-w-	c:\windows\system32\TURegOpt.exe
2010-09-06 02:23 . 2009-10-30 19:01	30024	----a-w-	c:\windows\system32\uxtuneup.dll
2010-09-06 02:22 . 2010-09-06 02:23	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-09-03 02:32 . 2010-09-03 02:32	307200	----a-w-	c:\documents and settings\Pete\Application Data\DataMirror\Management Console\configuration\org.eclipse.osgi\bundles\61\1\.cp\swt-win32-3346.dll
2010-09-03 02:32 . 2010-09-03 02:32	--------	d-----w-	c:\documents and settings\Pete\Application Data\DataMirror
2010-09-01 21:47 . 2010-09-01 21:47	--------	d-----w-	c:\documents and settings\Pete\Application Data\AVG10
2010-09-01 21:45 . 2010-09-01 21:45	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2010-09-01 21:43 . 2010-09-06 00:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG10
2010-08-30 23:33 . 2009-02-17 12:17	72520	----a-w-	c:\windows\system32\drivers\ftser2k.sys
2010-08-30 23:33 . 2009-02-17 12:19	57672	----a-w-	c:\windows\system32\drivers\ftdibus.sys
2010-08-30 23:33 . 2009-02-17 10:23	206144	----a-w-	c:\windows\system32\ftd2xx.dll
2010-08-30 23:33 . 2009-02-17 10:22	120136	----a-w-	c:\windows\system32\ftbusui.dll
2010-08-30 23:33 . 2010-08-30 23:33	--------	d-----w-	c:\program files\National Consumer Panel
2010-08-28 16:31 . 2010-08-28 16:40	--------	d-----w-	c:\program files\Spirits of Metropolis v1.10
2010-08-28 16:05 . 2009-02-24 22:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2010-08-28 16:05 . 2010-08-28 16:05	--------	d-----w-	c:\program files\MagicDisc
2010-08-28 15:43 . 2010-08-28 15:43	--------	d-----w-	c:\documents and settings\Pete\Application Data\Verizon Wireless
2010-08-27 05:07 . 2010-08-27 05:07	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-08-26 02:50 . 2010-08-26 02:50	--------	d-----w-	c:\program files\PolderbitS
2010-08-25 19:39 . 2010-06-28 22:04	21464	----a-w-	c:\windows\system32\NaBootMir.exe
2010-08-25 19:39 . 2010-02-24 21:16	512	----a-w-	c:\windows\MirDetected.bin
2010-08-25 19:39 . 2010-06-23 14:09	28648	----a-w-	c:\windows\system32\drivers\MirDisk.sys
2010-08-25 19:39 . 2010-06-23 14:09	33896	----a-w-	c:\windows\system32\drivers\HKDirFlt.sys
2010-08-25 19:39 . 2010-06-23 14:09	37016	----a-w-	c:\windows\system32\drivers\FolderHK.sys
2010-08-23 17:27 . 2009-12-30 15:20	27064	----a-w-	c:\windows\system32\drivers\revoflt.sys
2010-08-23 17:27 . 2010-08-23 17:27	--------	d-----w-	c:\program files\VS Revo Group
2010-08-23 15:13 . 2010-08-27 05:05	--------	d-----w-	c:\program files\JPG2PDF
2010-08-23 03:00 . 2010-08-23 03:00	--------	d-----w-	c:\documents and settings\LocalService\Application Data\TuneUp Software
2010-08-17 12:30 . 2009-09-03 14:37	16640	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-08-17 12:30 . 2010-08-17 12:30	--------	d-----w-	c:\program files\Daniusoft
2010-08-16 01:51 . 2007-04-12 18:19	129024	----a-w-	c:\windows\system32\AVERM.dll
2010-08-16 01:51 . 2006-09-26 17:57	28672	----a-w-	c:\windows\system32\AVEQT.dll
2010-08-16 01:51 . 2010-08-16 01:51	--------	d-----w-	c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2010-08-14 16:42 . 2010-08-14 20:00	--------	d-----w-	c:\documents and settings\Pete\Downloads
2010-08-14 16:21 . 2010-08-28 17:33	--------	d-----w-	c:\program files\RapidShareManager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 19:04 . 2009-02-09 02:00	--------	d-----w-	c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com
2010-09-11 18:07 . 2009-02-11 15:32	--------	d-----w-	c:\program files\Alwil Software
2010-09-09 02:48 . 2009-02-03 02:39	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-07 16:14 . 2008-11-26 02:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sonic
2010-09-07 16:14 . 2009-12-30 00:22	--------	d-----w-	c:\program files\Roxio 2010
2010-09-07 01:23 . 2009-02-14 20:04	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-09-06 23:53 . 2010-04-28 19:31	112	-c-h--w-	c:\windows\encdirs.dat
2010-09-06 23:52 . 2010-04-28 19:17	48	-c-h--w-	c:\windows\PwdManage.dat
2010-09-06 23:48 . 2010-04-28 19:14	37	----a-w-	c:\windows\sepath.dat
2010-09-06 23:32 . 2008-12-05 02:17	--------	d-----w-	c:\program files\Roxio
2010-09-06 23:32 . 2008-11-26 02:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Roxio
2010-09-06 23:32 . 2008-11-26 03:10	--------	d-----w-	c:\documents and settings\Pete\Application Data\Roxio
2010-09-04 00:51 . 2008-11-27 04:52	--------	d-----w-	c:\program files\Easy File & Folder Protector
2010-09-04 00:48 . 2009-10-24 02:39	--------	d-----w-	c:\program files\Cool MP3 Splitter
2010-09-03 21:49 . 2009-04-23 01:29	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-09-03 01:31 . 2009-07-27 03:09	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-01 22:13 . 2009-12-19 00:28	--------	d-----w-	c:\program files\Makayama
2010-09-01 22:04 . 2010-03-30 14:23	--------	d-----w-	c:\program files\RegCure
2010-08-31 14:26 . 2009-08-31 01:49	--------	d-----w-	c:\program files\ACNielsen
2010-08-30 23:33 . 2008-11-22 01:47	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-28 15:58 . 2009-10-16 02:44	--------	d-----w-	c:\program files\Xvid
2010-08-28 15:58 . 2009-08-25 18:28	--------	d-----w-	c:\program files\speaktext
2010-08-28 15:58 . 2009-03-29 02:50	--------	d-----w-	c:\program files\Zinio
2010-08-28 15:58 . 2010-05-11 02:30	--------	d-----w-	c:\program files\SoundmaskerDeluxe
2010-08-28 15:58 . 2009-09-07 02:05	--------	d-----w-	c:\program files\RP3.1
2010-08-28 15:58 . 2009-07-28 18:07	--------	d-----w-	c:\program files\Spotmau
2010-08-28 15:58 . 2008-12-13 23:32	--------	d-----w-	c:\program files\QuickPar
2010-08-28 15:58 . 2010-05-10 23:47	--------	d-----w-	c:\program files\Atmosphere Deluxe
2010-08-28 15:58 . 2010-01-30 22:05	--------	d-----w-	c:\program files\BitTorrent
2010-08-28 15:58 . 2010-01-30 22:05	--------	d-----w-	c:\documents and settings\Pete\Application Data\BitTorrent
2010-08-28 15:44 . 2009-02-11 15:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-08-26 03:08 . 2010-07-24 21:54	477744	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-25 19:39 . 2010-04-28 19:14	--------	d-----w-	c:\program files\Wondershare
2010-08-19 01:51 . 2008-12-13 23:53	--------	d-----w-	c:\program files\dvdSanta
2010-08-11 02:48 . 2008-11-22 02:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 22:40 . 2009-02-08 16:46	109760	-c--a-w-	c:\documents and settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 00:59 . 2010-08-07 00:59	--------	d-----w-	c:\documents and settings\Pete\Application Data\Resort Labs
2010-08-07 00:59 . 2010-08-07 00:59	--------	d-----w-	c:\program files\Link Commander
2010-08-05 00:25 . 2010-08-05 00:25	23456	----a-w-	c:\windows\system32\drivers\DrvAgent32.sys
2010-07-31 20:58 . 2010-07-31 20:58	--------	d-----w-	c:\program files\SharpC
2010-07-31 16:45 . 2008-11-26 03:09	256	----a-w-	c:\windows\system32\pool.bin
2010-07-30 22:02 . 2010-07-30 21:51	--------	d-----w-	c:\program files\SpeedFan
2010-07-30 02:46 . 2010-07-30 02:44	--------	d-----w-	c:\program files\Driver Magician
2010-07-24 20:55 . 2010-07-24 20:52	--------	d-----w-	c:\documents and settings\Pete\Application Data\Western DigitalTemp
2010-07-24 20:55 . 2010-07-24 20:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Western Digital
2010-07-24 19:46 . 2010-07-24 19:46	--------	d-----w-	c:\documents and settings\Pete\Application Data\Western Digital
2010-07-24 19:43 . 2010-07-24 19:43	--------	d-----w-	c:\program files\Western Digital
2010-07-23 00:29 . 2010-07-23 00:29	--------	d-----w-	c:\documents and settings\Pete\Application Data\Xilisoft
2010-07-23 00:22 . 2008-12-14 23:47	--------	d-----w-	c:\documents and settings\Pete\Application Data\Vso
2010-07-22 16:12 . 2008-11-27 03:04	--------	d-----w-	c:\program files\Google
2010-07-12 23:16 . 2010-07-12 23:16	3638	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_3D3DC91FC9DD2637D12FA2.exe
2010-07-12 23:16 . 2010-07-12 23:16	3638	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_31FAD3247F4B0F6385E90B.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_F8397BE02F4D062C7D8582.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_7EA93AB4D6B360FE8F56BE.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_380E8673AD6BA4E7CFE666.exe
2010-07-12 08:33 . 2010-07-12 08:33	51040	----a-w-	c:\windows\system32\avgfwdx.dll
2010-07-12 08:33 . 2010-07-12 08:33	30432	----a-w-	c:\windows\system32\drivers\avgfwdx.sys
2010-07-12 00:21 . 2010-07-11 22:57	2286080	----a-w-	c:\windows\system32\TUKernel.exe
2010-06-30 12:31 . 2008-11-23 04:26	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2006-03-04 03:33	832512	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-11-23 04:27	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-11-23 04:27	17408	----a-w-	c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2008-11-23 04:26	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-11-23 04:26	354304	------w-	c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-11-23 04:27	80384	----a-w-	c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-11-23 04:27	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-11-23 04:27	1172480	----a-w-	c:\windows\system32\msxml3.dll
2010-06-13 23:26 . 2010-06-13 23:26	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-06-13 19:54 . 2010-06-13 19:54	2	--shatr-	c:\windows\winstart.bat
2010-04-27 00:39 . 2010-04-26 02:44	49152	-csha-w-	c:\program files\Thumbs.db
2009-09-25 03:07 . 2009-09-25 03:07	352256	-c--a-w-	c:\program files\USBExtreme.exe
2009-07-23 18:49 . 2009-11-24 23:41	72569774	-c--a-w-	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 22:08 . 2009-02-09 01:48	13227453	-c----w-	c:\program files\PROCESSLIST.DB
2009-02-03 22:08 . 2009-02-09 01:48	1118656	-c----w-	c:\program files\PROCESSLISTRELATED.DB
2008-12-01 00:44 . 2008-12-01 00:44	81920	-c--a-w-	c:\program files\sherlock.exe
2008-11-10 00:07 . 2009-12-24 01:18	6106480	-c--a-w-	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 18:30 . 2007-03-04 18:30	39060	-c--a-w-	c:\program files\Buffering2.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39047	-c--a-w-	c:\program files\Buffering5.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39040	-c--a-w-	c:\program files\Buffering1.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39038	-c--a-w-	c:\program files\Buffering6.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39035	-c--a-w-	c:\program files\Buffering4.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39033	-c--a-w-	c:\program files\Buffering3.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39020	-c--a-w-	c:\program files\Buffering7.jpg
2006-03-23 19:17 . 2008-11-27 02:52	114688	------w-	c:\program files\igfxzoom.exe
2004-05-25 03:05 . 2008-11-22 02:55	536631	------w-	c:\program files\procexp.exe
2003-04-29 09:33 . 2008-11-27 05:13	1328198	-c----w-	c:\program files\TuMeDrum.exe
2000-11-12 20:48 . 2008-11-27 04:41	220160	-c----w-	c:\program files\acpu.exe
2006-05-03 10:06 . 2010-03-27 16:28	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-27 16:28	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-27 16:28	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( [email protected]_17.19.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 19:37 . 2010-09-11 19:37	16384 c:\windows\temp\Perflib_Perfdata_7d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-26 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-11-19 472112]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"MImpPro"="c:\program files\MImpPRO\MIProHst.exe" [2000-03-17 48128]
"SpotmauSecretary"="c:\program files\Spotmau\secretary\Spotmau_S.exe" [2010-02-05 625152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0NaBootMir

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Registration-Studio 8 LE.lnk]
backup=c:\windows\pss\Registration-Studio 8 LE.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\D-Link\\SharePort\\SharePort Network USB Utility.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\program files\Common Files\Agilix\GoBinder\Binder.exe"= c:\program files\Common Files\Agilix\GoBinder\Binder.exe:127.0.0.1/255.255.255.255:Enabled:Agilix GoBinder
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Help Systems\\Robot CONSOLE 5\\RobotConsole.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 06\\updater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\JDownloader_PortableApps\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Program Files\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbopcon.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Satellite TV for PC 2009 Titanium Edition (Portable)\\PC Satellite TV.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57970:TCP"= 57970:TCP:PandoRest Listening Port
"9303:UDP"= 9303:UDP:SharePort Network USB Utility UDP Port

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [x]
R2 bsaspi32;bsaspi32; [x]
R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;c:\program files\BVRP Connection Manager\BVRPNDIS.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 CBMR Scheduler;CBMR Scheduler;c:\program files\Cristie\CBMR\_BSSVC.EXE [2006-10-31 36864]
R3 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
R3 DataMirror Transformation Server Access Server;DataMirror Transformation Server Access Server;c:\program files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe [2008-02-29 90112]
R3 DataMirror Transformation Server Integration Server;DataMirror Transformation Server Integration Server;c:\program files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe [2008-02-29 90112]
R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\Drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-05 23456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [2009-06-05 434176]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2009-03-19 27904]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2009-03-19 1190784]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2009-03-19 1187072]
R3 L6PODLV;PODxt Live Service;c:\windows\system32\Drivers\L6PODLV.sys [2010-04-03 571136]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 NUVision;Pinnacle LINX;c:\windows\system32\DRIVERS\NUVision.sys [2000-07-16 136352]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
R3 SKYNETU;B2C2 Broadband Receiver USB Adapter;c:\windows\system32\DRIVERS\SkyNETU.SYS [2003-08-19 513688]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-03 457200]
R4 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R4 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-03-29 717296]
R4 TS EA Access Server;TS EA Access Server;c:\program files\DataMirror\TS EA\dmservserv.exe [2006-01-27 57344]
R4 TS EA Integration Server;TS EA Integration Server;c:\program files\DataMirror\TS EA\dmis.exe [2006-01-27 49152]
S0 d346prt;d346prt;c:\windows\System32\Drivers\d346prt.sys [2004-03-13 5248]
S0 HKDirFlt;Wondershare HKDirFlt;c:\windows\system32\drivers\HKDirFlt.sys [2010-06-23 33896]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-13 40560]
S0 MirDisk;Wondershare Time Freeze;c:\windows\system32\drivers\MirDisk.sys [2010-06-23 28648]
S0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\System32\drivers\mrfoldr.sys [2008-07-27 77304]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 229312]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-30 67656]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [2008-07-27 127352]
S2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\DRIVERS\pnpcap.sys [2008-12-14 23344]
S2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [2008-10-01 64888]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
S2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-02-05 354176]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-08 185640]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\DlinkUDSMBus.sys [2008-11-11 74624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-09-03 16640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 19:12]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 22:04]

2010-09-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-162531612-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-162531612-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
IE: Add to Link Commander collection - c:\program files\Link Commander\Libraries\add_link.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\WebArchivesViewer\IEContext.htm
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\LINKCO~1\LIBRAR~1\LCLaunch.dll
IE: {{4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\LINKCO~1\LIBRAR~1\LCAdd.dll
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 15:39
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-162531612-1801674531-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"=""
"Increment"=".002874"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\program files\Softex\OmniPass\ginastub.dll
c:\program files\Softex\OmniPass\ssplogon.dll
c:\program files\Softex\OmniPass\RandomPass.dll
c:\program files\Softex\OmniPass\cryptodll.dll
c:\program files\Softex\OmniPass\storeng.dll
c:\program files\Softex\OmniPass\autheng.dll
c:\program files\Softex\OmniPass\userdata.dll
c:\program files\Softex\OmniPass\hdddrv.dll
c:\program files\Softex\OmniPass\ldapdrv.dll
c:\program files\Softex\OmniPass\cachedrv.dll
c:\program files\Softex\OmniPass\mstrpwd.dll

- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\Fences\FencesMenu.dll
c:\program files\Wondershare\SafeLock\selockdir.dll
c:\program files\fences\DesktopDock.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
.
**************************************************************************
.
Completion time: 2010-09-11 15:45:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 19:45
ComboFix2.txt 2010-09-11 18:58
ComboFix3.txt 2010-09-09 17:24
ComboFix4.txt 2009-02-10 14:20

Pre-Run: 11,854,999,552 bytes free
Post-Run: 11,820,453,888 bytes free

- - End Of File - - 5BBB63C27E12A55DFADB22EE64BE9F69


----------



## bart2brett (Jun 29, 2005)

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Pete at 15:52:05.45 on Sat 09/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe
mRun: [nmctxth] c:\program files\common files\pure networks shared\platform\nmctxth.exe
mRun: [nmapp] c:\program files\pure networks\network magic\nmapp.exe
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
mRun: [SpotmauSecretary] c:\program files\spotmau\secretary\Spotmau_S.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\creati~1.lnk - c:\program files\creative element power tools\Startup.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-652 xtreme n notebook adapter\wirelesscm.exe
IE: Add to Link Commander collection - c:\program files\link commander\libraries\add_link.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\linkco~1\librar~1\LCLaunch.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\linkco~1\librar~1\LCAdd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-09-11 15:18 a-dshr--	C:\cmdcons
2010-09-09 12:32	77,312	a-------	c:\windows\MBR.exe
2010-09-09 12:32	256,512	a-------	c:\windows\PEV.exe
2010-09-07 20:23 --d-----	c:\windows\system32\CatRoot2
2010-09-05 23:11	38,848	a-------	c:\windows\avastSS.scr
2010-09-05 22:38 --d-----	c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-05 22:23	29,512	a-------	c:\windows\system32\TURegOpt.exe
2010-09-05 22:23	30,024	a-------	c:\windows\system32\uxtuneup.dll
2010-09-05 22:22 --d-----	c:\program files\TuneUp Utilities 2010
2010-09-02 22:32 --d-----	c:\docume~1\pete\applic~1\DataMirror
2010-09-01 17:47 --d-----	c:\docume~1\pete\applic~1\AVG10
2010-09-01 17:45 --d-h---	c:\docume~1\alluse~1\applic~1\Common Files
2010-09-01 17:43 --d-----	c:\docume~1\alluse~1\applic~1\AVG10
2010-08-30 19:33	72,520	a-------	c:\windows\system32\drivers\ftser2k.sys
2010-08-30 19:33	206,144	a-------	c:\windows\system32\ftd2xx.dll
2010-08-30 19:33	120,136	a-------	c:\windows\system32\ftbusui.dll
2010-08-30 19:33	57,672	a-------	c:\windows\system32\drivers\ftdibus.sys
2010-08-30 19:33 --d-----	c:\program files\National Consumer Panel
2010-08-28 12:31 --d-----	c:\program files\Spirits of Metropolis v1.10
2010-08-28 12:05	116,736	a-------	c:\windows\system32\drivers\mcdbus.sys
2010-08-28 12:05 --d-----	c:\program files\MagicDisc
2010-08-28 11:43 --d-----	c:\docume~1\pete\applic~1\Verizon Wireless
2010-08-27 01:07 --d-----	c:\windows\system32\wbem\Repository
2010-08-26 22:27	0	a-------	C:\_tmp_file
2010-08-25 22:50 --d-----	c:\program files\PolderbitS
2010-08-25 22:41	51,200	a-------	c:\windows\system32\MirFolder.cfg
2010-08-25 22:39	131,072	a-------	c:\windows\system32\mkdw48.acy
2010-08-25 22:39	131,072	a-------	c:\windows\system32\MirDisk.cfg
2010-08-25 15:39	21,464	a-------	c:\windows\system32\NaBootMir.exe
2010-08-25 15:39	512	a-------	c:\windows\MirDetected.bin
2010-08-25 15:39	37,016	a-------	c:\windows\system32\drivers\FolderHK.sys
2010-08-25 15:39	33,896	a-------	c:\windows\system32\drivers\HKDirFlt.sys
2010-08-25 15:39	28,648	a-------	c:\windows\system32\drivers\MirDisk.sys
2010-08-23 13:27	27,064	a-------	c:\windows\system32\drivers\revoflt.sys
2010-08-23 13:27 --d-----	c:\program files\VS Revo Group
2010-08-23 11:13 --d-----	c:\program files\JPG2PDF
2010-08-17 08:30	16,640	a-------	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-08-17 08:30 --d-----	c:\program files\Daniusoft
2010-08-15 21:51	129,024	a-------	c:\windows\system32\AVERM.dll
2010-08-15 21:51	28,672	a-------	c:\windows\system32\AVEQT.dll
2010-08-15 21:51 --d-----	c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2010-08-14 12:42 --d-----	c:\documents and settings\pete\Downloads
2010-08-14 12:21 --d-----	c:\program files\RapidShareManager

==================== Find3M ====================

2010-08-04 20:25	23,456	a-------	c:\windows\system32\drivers\DrvAgent32.sys
2010-07-12 04:33	51,040	a-------	c:\windows\system32\avgfwdx.dll
2010-07-11 20:21	2,286,080	a-------	c:\windows\system32\TUKernel.exe
2010-06-30 08:31	149,504	a-------	c:\windows\system32\schannel.dll
2010-06-24 08:15	832,512	a-------	c:\windows\system32\wininet.dll
2010-06-24 08:15	78,336	a-------	c:\windows\system32\ieencode.dll
2010-06-24 08:15	17,408	a-------	c:\windows\system32\corpol.dll
2010-06-23 09:44	1,851,904	a-------	c:\windows\system32\win32k.sys
2010-06-17 10:03	80,384	a-------	c:\windows\system32\iccvid.dll
2010-06-14 10:31	744,448	a-------	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:41	1,172,480	a-------	c:\windows\system32\msxml3.dll
2010-05-21 21:13	256	a-------	c:\documents and settings\pete\pool.bin
2010-04-26 20:39	49,152	ac-sh---	c:\program files\Thumbs.db
2010-01-06 21:35	94,208	a-------	c:\docume~1\pete\applic~1\ezplay.sys
2009-09-24 23:07	352,256	ac------	c:\program files\USBExtreme.exe
2009-07-23 14:49	72,569,774	ac------	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08	13,227,453	-c------	c:\program files\PROCESSLIST.DB
2009-02-03 18:08	1,118,656	-c------	c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47	47,360	-c------	c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44	81,920	ac------	c:\program files\sherlock.exe
2008-11-09 20:07	6,106,480	ac------	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30	39,060	ac------	c:\program files\Buffering2.jpg
2007-03-04 14:30	39,047	ac------	c:\program files\Buffering5.jpg
2007-03-04 14:30	39,040	ac------	c:\program files\Buffering1.jpg
2007-03-04 14:30	39,038	ac------	c:\program files\Buffering6.jpg
2007-03-04 14:30	39,035	ac------	c:\program files\Buffering4.jpg
2007-03-04 14:30	39,033	ac------	c:\program files\Buffering3.jpg
2007-03-04 14:30	39,020	ac------	c:\program files\Buffering7.jpg
2006-03-23 15:17	114,688	--------	c:\program files\igfxzoom.exe
2004-05-24 23:05	536,631	--------	c:\program files\procexp.exe
2003-04-29 05:33	1,328,198	-c------	c:\program files\TuMeDrum.exe
2000-11-12 16:48	220,160	-c------	c:\program files\acpu.exe
2006-05-03 06:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 07:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 09:30	216,064	---shr--	c:\windows\system32\nbDX.dll
2009-02-08 00:57	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 15:52:36.78 ===============


----------



## bart2brett (Jun 29, 2005)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

5.0
Aaron's WebVacuum 2
Absolute Fretboard Trainer PRO
Absolute MP3 Splitter version 2.8.7
ACDSee Pro 3
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Alchemy Deluxe
ALi USB2.0 Driver
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
Allstate Home Inventory 3.08
Amazing Adventures: The Lost Tomb
Amazon MP3 Downloader 1.0.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AstroPop Deluxe
Atari: The 80 Classic Games
Atmosphere Deluxe v7.0
Atomica Deluxe
AudibleManager
Avi2Dvd 0.5
Avidemux 2.4
AviSynth 2.5
Bejeweled 2 Deluxe 1.1
Bejeweled Deluxe
Bejeweled Twist 1.0.3.7482
Beyond Compare Version 2.5.3
Big Kahuna Reef
Big Money Deluxe
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlindWrite 6
Bonjour
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
Canopus Codec Option
CBMR 5.0.1
Channel Master
Chuzzle Deluxe
CinemaNow Media Manager
Cisco Network Magic
ClocX (1.5b2)
Collectorz.com Movie Collector
Combined Community Codec Pack 2007-07-22
COMODO Internet Security
ConvertXtoDVD 3.3.2.100
Cool MP3 Splitter 2.2
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - VSTA
Coupon Printer for Windows
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
D'Accord Guitar Chord Dictionary 3.0
D-Link DWA-652 Xtreme N Notebook Adapter
Daniusoft Digital Music Converter(Build 2.4.3.0)
DataMirror Enterprise Administrator
DataMirror Transformation Server Access Control
DataMirror Transformation Server Management Console
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash 2
DirectX 9 Runtime
Disk Investigator 1.4
DivX Codec
Driver Magician 3.5
DriverAgent by eSupport.com
Duplicate File Remover
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVD to iPod Converter 4
DVDFab 6.0.6.0 (04/09/2009)
dvdSanta 4.50
Dynomite Deluxe
EA SPORTS online 2006
Easy File & Folder Protector v4.2
ebgcInfra
ebgcRes
ebgcSDK
emlOpenView 1.6
eWallet 6.1 for BlackBerry
EZ Guitar Tabs
Family Feud
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Fences
ffdshow [rev 2583] [2009-01-05]
FileZilla Client 3.2.7.1
Finale NotePad 2004
Firebird SQL Server - MAGIX Edition
FLV Converter 2.5
Folder Marker Home v 3.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
FranklinCovey PlanPlus for Windows
Garmin City Navigator North America NT 2010.10 Update
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2010.40
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GCH Guitar academy
Giganews Accelerator
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GSM 1.1.4.2
GST 2.3.8.4
Guitar Chord Buster Pro 4.4.0
Guitar FX BOX 2.6
Guitar Pro 5.2
GuitarCourses.ws Fretboard Trainer 1.0
Haali Media Splitter
Hammer Heads Deluxe
Hauppauge WinTV 7
Heavy Weapon Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB954550-v5)
Hoyle Card Games 2010 (remove only)
IBM iSeries Access for Windows
Iggle Pop Deluxe
ImagXpress
Inpaint
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
InterCall Web Meeting
Internet Transporter - NCP Link
Inzomia Viewer 3.11
IrfanView (remove only)
ISO Recorder
IsoBuster 2.5.5
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java(TM) 6 Update 20
JPG2PDF 2.2
Junk Mail filter update
Kate's Video Converter
LekuSoft Blu ray Ripper 5.50
LightZone 3.7
Line 6 Edit (remove only)
Line 6 Uninstaller
Link Commander
Logitech MouseWare 9.79 
Madden NFL 06
Magic Match
MagicDisc 2.7.106
MAGIX Music Maker 15 Premium Download version 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Mahjong Escape: Ancient Japan
Malwarebytes' Anti-Malware
MediaSPace
MessageViewer Pro 3.1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese TTS 5.1
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
MirrorFolder 4.1.194.18 (Retail)
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.8)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Mummy Maze Deluxe
MusicLab RealGuitar 2.0
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
n-Track Studio 6
NCP Internet Transporter
Nero 7 Ultra Edition
Nero ControlCenter
neroxml
Network Magic
Nevo Audio Splitter 2.1
NewsLeecher v3.9 Final
NingPo MahJong Deluxe
Noah's Ark Deluxe
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OmniPass 7.00.08
Opera 9.64
OZ776 SCR Driver V1.1.4.204
Pacific Fighters
Paragon Drive Copy™ 9.5 Personal
PartitionMagic
PayPal Plug-In
Pcsx2 0.9.6
Peggle Deluxe
PerfectDisk 10 Professional
PFConfig 1.0.278
PFPortChecker 1.0.32
Photo DVD Maker Professional 8.08
Photo Stamp Remover 2.0
PictureToTV 1.20
Pinnacle Studio LINX
Pixelus Deluxe
PizzaFrenzy
Platypus
PlayStation(R)Network Downloader
PlayStation(R)Store
PolderbitS Sound Recorder and Editor
PowerDVD
PowerDVD Ultra
PowerQuest PartitionMagic 8.0
Privacy Eraser Pro
ProCoder 3
Product Key Explorer 2.4.3
Pure Networks Platform
QBeez 2
QFolder
QuickTime
Radioshack USB-to-Serial cable
RapidShare Manager
RealPlayer
RealUpgrade 1.0
Registry Mechanic 8.0
Replay Media Catcher 3.02
ResumeMaker Ultimate
Revo Uninstaller Pro 2.1.5
Road Runner Install
Road Runner Medic 6.1
Robot/CONSOLE 5
Robot/NETWORK 10
Robot/SCHEDULE 10
Rocket Mania Deluxe
Rollcage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio Venue
Roxio Video Capture USB
RSA SecurID Software Token
Sandlot Games Client Services 1.2.2
SAPI Wrapper
Satellite TV PC Master v6.0
Save Flash 4.1
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Segoe UI
Setup
Seven Seas Deluxe
SharePort Network USB Utility
SigmaTel Audio
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
SnagIt 8
Sony Media Manager for PSP 3.0
Sony Noise Reduction Plug-In 2.0h
SopCast 3.0.3
SpeakText v20090219
Speed Meter Pro
SpeedFan (remove only)
Spirits of Metropolis v1.10
Spotmau 5.1.2.6407
SRS Audio Sandbox
Studio 8
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Super Collapse 3
Super Internet TV v8.0 (Premium Edition)
System Explorer 1.5
Talismania Deluxe
TeamViewer 5
Text-To-Speech-Runtime
The KMPlayer (remove only)
TipTop Deluxe
Tradewinds Legends
TTS Wrapper
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Turbo Tax Audit Support Center 2.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TVUPlayer 2.4.9.1
TWC Customer Controls
Typer Shark Deluxe
U3Launcher
Ubee USB RNDIS and NDIS Driver 
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Veetle TV 0.9.16
Venice Deluxe
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.4
VPN Client
Water Bugs
WD SmartWare
WebArchivesViewer
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WinX HD Video Converter Deluxe 3.7
WM Recorder 12.1
Wondershare Time Freeze
Word Harmony Deluxe
Xilisoft Video Converter Ultimate 6
Xilisoft Video Cutter
Xvid 1.2.1 final uninstall
Zinio Reader
Zuma Deluxe

==== End Of File ===========================


----------
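Several headings in the two DDS logs above have nothing under them (SERVICES / DRIVERS, Disk Partitions, Disabled Device Manager Items), while System Restore Points at least reports "No restore point in system." The Python below is an added example, not part of the thread or of DDS itself, that lists such sections in a DDS-style log so they can be flagged during triage; the sample log is constructed from headings seen above, and the "reported-none" rule is a heuristic assumption.

```python
import re

# DDS section headers are a title framed by runs of '=' on both sides,
# e.g. "==== Disk Partitions =========================".
HEADER_RE = re.compile(r"^={3,}\s*(?P<title>[^=\s].*?)\s*={3,}\s*$")
# Headers that close a log instead of opening a section.
TERMINATOR_RE = re.compile(r"^(FINISH\b|End Of File\b)", re.IGNORECASE)

# Constructed sample: headings copied from the logs above, bodies shortened.
SAMPLE_LOG = r"""
================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-09-09 12:32  77,312  a-------  c:\windows\MBR.exe

============= FINISH: 15:52:36.78 ===============

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

WinPcap 4.0

==== End Of File ===========================
"""


def split_sections(log_text):
    """Return [(title, [non-blank body lines])] in the order the headers appear."""
    sections = []
    current = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        match = HEADER_RE.match(line)
        if match:
            title = match.group("title")
            if TERMINATOR_RE.match(title):
                current = None  # text after a terminator belongs to no section
            else:
                current = (title, [])
                sections.append(current)
            continue
        if current is not None and line.strip():
            current[1].append(line)
    return sections


def triage(log_text):
    """Return [(title, status)]; status is 'empty', 'reported-none' or 'populated'."""
    results = []
    for title, body in split_sections(log_text):
        if not body:
            status = "empty"  # header present, collector wrote nothing at all
        elif len(body) == 1 and body[0].lower().startswith("no "):
            status = "reported-none"  # heuristic: collector ran and said so
        else:
            status = "populated"
        results.append((title, status))
    return results


def empty_sections(log_text):
    """Titles of sections that have a header but no content lines."""
    return [title for title, status in triage(log_text) if status == "empty"]


if __name__ == "__main__":
    for title, status in triage(SAMPLE_LOG):
        print(f"{status:14} {title}")
```
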



## jmw3 (Jul 23, 2007)

Hi

Did you run the AVG & Avast removal tools as requested?

*Registry Cleaners + "Tweak" Tools*

Re. *Registry Mechanic 8.0 | TuneUp Utilities*

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... _Some will actually achieve this_ .... *IF you know how to use them correctly.*
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies _can_ speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them. I would strongly recommend their removal.

Discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

*WinPcap 4.0* - Did you install this yourself?

Before proceeding any further, could I get an update on how the computer is running & any problems?


----------



## bart2brett (Jun 29, 2005)

I will read the 2 links you provided. I may have installed WinPcap, I don't remember. Should I remove it? If I find I needed it for something, I can get it from the official site.

I seem to have gotten rid of the selockdir issue by removing Wondershare SafeLock. I also downloaded the SuperAntiSpyware removal tool from their website and it seems to have solved the issue I was having with it trying to start even after I uninstalled it.

I did run the two removal tools that you suggested. When can I reinstall my anti-virus?


----------



## jmw3 (Jul 23, 2007)

Hi

WinPcap is a legitimate program, however it can be utilised by malware. That's the reason I asked if you installed it yourself.



> I did run the two removal tools that you suggested. When can I reinstall my anti-virus?


Haven't you already got *COMODO Internet Security* installed? Or did you uninstall that also? If so you can re-install it.

It's possible there is a problem with the *Windows Management Instrumentation* (WMI) on your computer. Notice how the DDS logs are showing no information under some of the headings?
To check the WMI, do this:
Right-click the *My Computer* icon & select *Manage* (Alternate: Click Start, Control Panel, Administrative Tools, Computer Management)
Left-click the *[+]* next to *Services and Applications* to expand the tree view
Left-click on *WMI Control*
Now, right-click on the same WMI Control item and select *Properties*
If WMI is working properly, you will see *Successfully connected to <local computer>* followed by information about your computer
If WMI is broken, you will see one or more error messages in the dialog
If there are error messages, could you post what they are?


----------



## bart2brett (Jun 29, 2005)

WMI properties show connected but have this error:
Failed to connect to <local computer>
because "Interface Class not registered"


----------



## jmw3 (Jul 23, 2007)

Hi

Let's start with the obvious:
Click *Start > Run*, then copy/paste *Services.msc* into the text box & click *OK*
Click the *Name* tab to alphabetise the list of Services, then scroll down to *Windows Management Instrumentation*
Right click on it then choose *Properties*
From the drop down list next to *Startup type* choose *Automatic*
Under *Service status* click *Start*, then click *Apply* & OK your way out
Check the status of the WMI again by following the instructions in my last post.


----------



## bart2brett (Jun 29, 2005)

The service was already 'automatic'. I changed the WMI driver extension service to automatic as well. I rebooted and rechecked the WMI again. There is no change.


----------



## jmw3 (Jul 23, 2007)

Hi

Ok, try this:

Click *Start > Run* then copy/paste the following bold text into the text box & click *OK*

*rundll32 wbemupgd, UpgradeRepository*

Once that's done you will find the results at C:\Windows\system32\wbem\logs\*setup.log*. Post the contents of that log in your next reply & again check the status of the WMI.

The folders may be hidden, so do this prior to navigating to the log:
*View Hidden Files & Folders* Windows XP
To view Hidden Files & Folders do the following:
Click *Start* 
Open *My Computer* 
Select the *Tools* menu and click *Folder Options* 
Select the *View* Tab 
Under the *Hidden files and folders* heading select *Show hidden files and folders* 
Uncheck the *Hide protected operating system files (recommended)* option 
Click *Yes* to confirm 
Click *OK*


----------



## bart2brett (Jun 29, 2005)

(Mon Sep 13 13:24:00 2010): ================================================================================
(Mon Sep 13 13:24:00 2010): Beginning WBEM Service Pack Installation
(Mon Sep 13 13:24:00 2010): Current build of wbemupgd.dll is 5.1.2600.5512 (xpsp.080413-2108)
(Mon Sep 13 13:24:00 2010): Current build of wbemcore.dll is 5.1.2600.5512 (xpsp.080413-2108)
(Mon Sep 13 13:24:00 2010): Failing Connecting to Namespace [root\default] with result [80040154]
(Mon Sep 13 13:24:00 2010): One or more core modules is not registered; registering.

Now the WMI properties say: Failed to connect to <local computer>
because "Windows: Server execution failed"

I rebooted and now it says Successfully Connected to: <local computer>


----------
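
The setup.log result code in the post above can be read directly by splitting the HRESULT into its facility and error code. The following is an added example, not part of the original thread: the function names are hypothetical, the sample log is constructed from the pasted lines with the separator shortened, and 0x80080005 is an assumption (the thread shows only the text "Server execution failed", not the code).

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the setup.log lines pasted in the thread (separator shortened).
SAMPLE_LOG = r"""
(Mon Sep 13 13:24:00 2010): ====================
(Mon Sep 13 13:24:00 2010): Beginning WBEM Service Pack Installation
(Mon Sep 13 13:24:00 2010): Current build of wbemupgd.dll is 5.1.2600.5512 (xpsp.080413-2108)
(Mon Sep 13 13:24:00 2010): Current build of wbemcore.dll is 5.1.2600.5512 (xpsp.080413-2108)
(Mon Sep 13 13:24:00 2010): Failing Connecting to Namespace [root\default] with result [80040154]
(Mon Sep 13 13:24:00 2010): One or more core modules is not registered; registering.
""".strip()

# One record: "(Mon Sep 13 13:24:00 2010): message". The opening parenthesis is
# optional so a line clipped during copy/paste still parses.
LINE_RE = re.compile(
    r"^\(?(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})\): (?P<msg>.*)$"
)
FAIL_RE = re.compile(
    r"Namespace \[(?P<ns>[^\]]+)\] with result \[(?P<hr>[0-9A-Fa-f]{8})\]"
)

# Standard HRESULT facility numbers (bits 16-26 of the value).
FACILITIES = {0: "NULL", 1: "RPC", 2: "DISPATCH", 3: "STORAGE",
              4: "ITF", 7: "WIN32", 8: "WINDOWS"}

# Well-known COM HRESULTs. Only 80040154 appears in the thread's log;
# 0x80080005 is included as the code behind "Server execution failed".
KNOWN = {
    0x80040154: ("REGDB_E_CLASSNOTREG", "Class not registered"),
    0x80080005: ("CO_E_SERVER_EXEC_FAILURE", "Server execution failed"),
}


@dataclass
class HResult:
    value: int
    failed: bool      # severity bit (bit 31)
    facility: str     # which subsystem raised the error
    code: int         # low 16 bits
    name: str
    text: str


def decode_hresult(hex_text: str) -> HResult:
    """Split an 8-digit hex HRESULT into severity, facility and code."""
    value = int(hex_text, 16) & 0xFFFFFFFF
    facility_id = (value >> 16) & 0x7FF
    name, text = KNOWN.get(value, ("UNKNOWN", ""))
    return HResult(
        value=value,
        failed=bool(value >> 31),
        facility=FACILITIES.get(facility_id, str(facility_id)),
        code=value & 0xFFFF,
        name=name,
        text=text,
    )


def summarize(log_text: str) -> dict:
    """Collect namespace connection failures and note whether the
    upgrade routine logged that it was re-registering core modules."""
    failures = []
    repair_attempted = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped record
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        msg = m["msg"]
        hit = FAIL_RE.search(msg)
        if hit:
            failures.append({
                "when": when,
                "namespace": hit["ns"],
                "hresult": decode_hresult(hit["hr"]),
            })
        elif "not registered; registering" in msg:
            repair_attempted = True
    return {"failures": failures, "repair_attempted": repair_attempted}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for f in report["failures"]:
        h = f["hresult"]
        print(f'{f["when"]} {f["namespace"]}: 0x{h.value:08X} '
              f'{h.name} (facility {h.facility}, code 0x{h.code:X}) {h.text}')
    print("re-registration attempted:", report["repair_attempted"])
```

The two codes decode to facilities ITF and WINDOWS, which line up with the "Interface" and "Windows:" prefixes in the two dialog messages quoted in the thread.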



## jmw3 (Jul 23, 2007)

Hi

OK... was there information about your computer listed below "Successfully Connected to: <local computer>"?

Can you run DDS again & post the logs?


----------



## bart2brett (Jun 29, 2005)

Yes it has the system information.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2008 8:19:05 PM
System Uptime: 9/13/2010 7:25:57 PM (3 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1664/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 10.423 GiB free.
D: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0004
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0004
Service: d346bus

==== System Restore Points ===================

RP36: 8/22/2010 10:56:56 PM - Removed TuneUp Utilities
RP37: 8/22/2010 10:58:01 PM - Removed TuneUp Utilities Language Pack (en-US)
RP38: 8/22/2010 10:58:41 PM - Installed TuneUp Utilities
RP39: 8/22/2010 11:04:01 PM - Removed TuneUp Utilities
RP40: 8/22/2010 11:04:54 PM - Removed TuneUp Utilities Language Pack (en-US)
RP41: 8/27/2010 12:54:13 AM - Restore Operation
RP42: 8/27/2010 1:05:00 AM - Restore Operation
RP43: 8/28/2010 11:44:16 AM - Revo Uninstaller Pro's restore point - VZAccess Manager
RP44: 8/28/2010 12:06:05 PM - Revo Uninstaller Pro's restore point - DAEMON Tools
RP45: 8/28/2010 12:06:55 PM - Removed 
RP46: 8/30/2010 7:29:10 PM - Revo Uninstaller Pro's restore point - Homescan Internet Transporter
RP47: 8/30/2010 7:33:36 PM - Installed NCP Internet Transporter
RP48: 9/1/2010 5:06:43 PM - Revo Uninstaller Pro's restore point - avast! Antivirus
RP49: 9/1/2010 5:43:18 PM - Installed AVG 2011
RP50: 9/1/2010 5:43:44 PM - Installed AVG 2011
RP51: 9/1/2010 6:04:23 PM - Revo Uninstaller Pro's restore point - RegCure
RP52: 9/1/2010 6:10:01 PM - Revo Uninstaller Pro's restore point - Easy WiFi Radar PRO 1.0.0
RP53: 9/2/2010 4:14:12 PM - Software Distribution Service 3.0
RP54: 9/3/2010 5:53:51 PM - Revo Uninstaller Pro's restore point - Secunia PSI
RP55: 9/5/2010 6:33:17 PM - Revo Uninstaller Pro's restore point - Process Lasso
RP56: 9/5/2010 10:22:37 PM - Installed TuneUp Utilities
RP57: 9/5/2010 10:38:42 PM - avast! Internet Security Setup
RP58: 9/5/2010 11:04:40 PM - Revo Uninstaller Pro's restore point - avast! Internet Security
RP59: 9/5/2010 11:05:12 PM - avast! Internet Security Setup
RP60: 9/5/2010 11:11:14 PM - avast! Free Antivirus Setup
RP61: 9/6/2010 7:05:20 PM - Installed WD SmartWare
RP62: 9/6/2010 7:32:06 PM - Revo Uninstaller Pro's restore point - Roxio PhotoShow
RP63: 9/6/2010 7:37:48 PM - Revo Uninstaller Pro's restore point - Roxio Creator 2010 Content
RP64: 9/6/2010 7:39:54 PM - Removed Roxio Creator 2010 Content.
RP65: 9/6/2010 8:47:06 PM - Revo Uninstaller Pro's restore point - Creative Element Power Tools
RP66: 9/7/2010 7:09:49 PM - Restore Operation
RP67: 9/7/2010 8:00:09 PM - Restore Operation
RP68: 9/8/2010 10:47:42 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Professional
RP69: 9/8/2010 10:48:10 PM - Removed SUPERAntiSpyware Professional
RP70: 9/11/2010 6:33:39 PM - Revo Uninstaller Pro's restore point - Wondershare Time Freeze
RP71: 9/12/2010 1:14:11 PM - Installed Windows Installer Clean Up
RP72: 9/12/2010 1:18:13 PM - Installed Cisco Network Magic
RP73: 9/12/2010 1:30:23 PM - Installed Cisco Network Magic
RP74: 9/12/2010 4:38:08 PM - avast! Free Antivirus Setup
RP75: 9/13/2010 5:03:21 PM - System Checkpoint

==== Installed Programs ======================

5.0
Aaron's WebVacuum 2
Absolute Fretboard Trainer PRO
Absolute MP3 Splitter version 2.8.7
ACDSee Pro 3
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Alchemy Deluxe
ALi USB2.0 Driver
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
Allstate Home Inventory 3.08
Amazing Adventures: The Lost Tomb
Amazon MP3 Downloader 1.0.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AstroPop Deluxe
Atari: The 80 Classic Games
Atmosphere Deluxe v7.0
Atomica Deluxe
AudibleManager
avast! Free Antivirus
Avi2Dvd 0.5
Avidemux 2.4
AviSynth 2.5
Bejeweled 2 Deluxe 1.1
Bejeweled Deluxe
Bejeweled Twist 1.0.3.7482
Beyond Compare Version 2.5.3
Big Kahuna Reef
Big Money Deluxe
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlindWrite 6
Bonjour
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
Canopus Codec Option
CBMR 5.0.1
Channel Master
Chuzzle Deluxe
CinemaNow Media Manager
Cisco Network Magic
ClocX (1.5b2)
Collectorz.com Movie Collector
Combined Community Codec Pack 2007-07-22
COMODO Internet Security
ConvertXtoDVD 3.3.2.100
Cool MP3 Splitter 2.2
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - VSTA
Coupon Printer for Windows
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
D'Accord Guitar Chord Dictionary 3.0
D-Link DWA-652 Xtreme N Notebook Adapter
Daniusoft Digital Music Converter(Build 2.4.3.0)
DataMirror Enterprise Administrator
DataMirror Transformation Server Access Control
DataMirror Transformation Server Management Console
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash 2
DirectX 9 Runtime
Disk Investigator 1.4
DivX Codec
Driver Magician 3.5
DriverAgent by eSupport.com
Duplicate File Remover
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVD to iPod Converter 4
DVDFab 6.0.6.0 (04/09/2009)
dvdSanta 4.50
Dynomite Deluxe
EA SPORTS online 2006
Easy File & Folder Protector v4.2
ebgcInfra
ebgcRes
ebgcSDK
emlOpenView 1.6
eWallet 6.1 for BlackBerry
EZ Guitar Tabs
Family Feud
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Fences
ffdshow [rev 2583] [2009-01-05]
FileZilla Client 3.2.7.1
Finale NotePad 2004
Firebird SQL Server - MAGIX Edition
FLV Converter 2.5
Folder Marker Home v 3.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
FranklinCovey PlanPlus for Windows
Garmin City Navigator North America NT 2010.10 Update
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2010.40
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GCH Guitar academy
Giganews Accelerator
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GSM 1.1.4.2
GST 2.3.8.4
Guitar Chord Buster Pro 4.4.0
Guitar FX BOX 2.6
Guitar Pro 5.2
GuitarCourses.ws Fretboard Trainer 1.0
Haali Media Splitter
Hammer Heads Deluxe
Hauppauge WinTV 7
Heavy Weapon Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB954550-v5)
Hoyle Card Games 2010 (remove only)
IBM iSeries Access for Windows
Iggle Pop Deluxe
ImagXpress
Inpaint
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
InterCall Web Meeting
Internet Transporter - NCP Link
Inzomia Viewer 3.11
IrfanView (remove only)
ISO Recorder
IsoBuster 2.5.5
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java(TM) 6 Update 20
JPG2PDF 2.2
Junk Mail filter update
Kate's Video Converter
LekuSoft Blu ray Ripper 5.50
LightZone 3.7
Line 6 Edit (remove only)
Line 6 Uninstaller
Link Commander
Logitech MouseWare 9.79 
Madden NFL 06
Magic Match
MagicDisc 2.7.106
MAGIX Music Maker 15 Premium Download version 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Mahjong Escape: Ancient Japan
Malwarebytes' Anti-Malware
MediaSPace
MessageViewer Pro 3.1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese TTS 5.1
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
MirrorFolder 4.1.194.18 (Retail)
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.8)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Mummy Maze Deluxe
MusicLab RealGuitar 2.0
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
n-Track Studio 6
NCP Internet Transporter
Nero 7 Ultra Edition
Nero ControlCenter
neroxml
Network Magic
Nevo Audio Splitter 2.1
NewsLeecher v3.9 Final
NingPo MahJong Deluxe
Noah's Ark Deluxe
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OmniPass 7.00.08
Opera 9.64
OZ776 SCR Driver V1.1.4.204
Pacific Fighters
Paragon Drive Copy™ 9.5 Personal
PartitionMagic
PayPal Plug-In
Pcsx2 0.9.6
Peggle Deluxe
PerfectDisk 10 Professional
PFConfig 1.0.278
PFPortChecker 1.0.32
Photo DVD Maker Professional 8.08
Photo Stamp Remover 2.0
PictureToTV 1.20
Pinnacle Studio LINX
Pixelus Deluxe
PizzaFrenzy
Platypus
PlayStation(R)Network Downloader
PlayStation(R)Store
PolderbitS Sound Recorder and Editor
PowerDVD
PowerDVD Ultra
PowerQuest PartitionMagic 8.0
Privacy Eraser Pro
ProCoder 3
Product Key Explorer 2.4.3
Pure Networks Platform
QBeez 2
QFolder
QuickTime
Radioshack USB-to-Serial cable
RapidShare Manager
RealPlayer
RealUpgrade 1.0
Registry Mechanic 8.0
Replay Media Catcher 3.02
ResumeMaker Ultimate
Revo Uninstaller Pro 2.1.5
Road Runner Install
Road Runner Medic 6.1
Robot/CONSOLE 5
Robot/NETWORK 10
Robot/SCHEDULE 10
Rocket Mania Deluxe
Rollcage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio Venue
Roxio Video Capture USB
RSA SecurID Software Token
Sandlot Games Client Services 1.2.2
SAPI Wrapper
Satellite TV PC Master v6.0
Save Flash 4.1
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Segoe UI
Setup
Seven Seas Deluxe
SharePort Network USB Utility
SigmaTel Audio
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
SnagIt 8
Sony Media Manager for PSP 3.0
Sony Noise Reduction Plug-In 2.0h
SopCast 3.0.3
SpeakText v20090219
Speed Meter Pro
SpeedFan (remove only)
Spirits of Metropolis v1.10
Spotmau 5.1.2.6407
SRS Audio Sandbox
Studio 8
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Super Collapse 3
Super Internet TV v8.0 (Premium Edition)
System Explorer 1.5
Talismania Deluxe
TeamViewer 5
Text-To-Speech-Runtime
The KMPlayer (remove only)
TipTop Deluxe
Tradewinds Legends
TTS Wrapper
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Turbo Tax Audit Support Center 2.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TVUPlayer 2.4.9.1
TWC Customer Controls
Typer Shark Deluxe
U3Launcher
Ubee USB RNDIS and NDIS Driver 
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Veetle TV 0.9.16
Venice Deluxe
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.4
VPN Client
Water Bugs
WD SmartWare
WebArchivesViewer
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WinX HD Video Converter Deluxe 3.7
WM Recorder 12.1
Word Harmony Deluxe
Xilisoft Video Converter Ultimate 6
Xilisoft Video Cutter
Xvid 1.2.1 final uninstall
Zinio Reader
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

9/8/2010 8:05:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswTdi d346bus
9/8/2010 2:49:16 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
9/8/2010 2:00:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: d346bus
9/8/2010 2:00:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TuneUp Utilities Service service to connect.
9/8/2010 2:00:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
9/8/2010 2:00:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PDAgent service to connect.
9/8/2010 2:00:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cyberlink RichVideo Service(CRVS) service to connect.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The TuneUp Utilities Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The PDAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The BVRPNDIS Protocol Driver U/I service failed to start due to the following error: The system cannot find the path specified.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The bsaspi32 service failed to start due to the following error: The system cannot find the file specified.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the path specified.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
9/8/2010 2:00:03 PM, error: Service Control Manager [7000] - The AVG Firewall service failed to start due to the following error: The system cannot find the path specified.
9/7/2010 9:51:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD Aspi32 aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix cmdGuard cmdHlp d346bus Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vmm
9/7/2010 9:51:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2010 9:51:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2010 9:51:27 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2010 9:51:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2010 9:51:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2010 9:51:27 PM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2010 9:50:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/7/2010 8:44:05 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 7:01:45 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/7/2010 6:26:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 Aspi32 aswSP aswTdi Avgldx86 Avgmfx86 cmdGuard d346bus Fips intelppm SASDIFSV SASKUTIL vmm
9/13/2010 10:19:14 AM, error: Service Control Manager [7034] - The Softex OmniPass Service service terminated unexpectedly. It has done this 1 time(s).
9/13/2010 10:19:09 AM, error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
9/12/2010 11:52:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH d346bus
9/10/2010 8:34:17 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/10/2010 10:56:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Remote Desktop Help Session Manager service to connect.
9/10/2010 10:56:03 PM, error: Service Control Manager [7000] - The Remote Desktop Help Session Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Pete at 22:17:35.56 on Mon 09/13/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2075 [GMT -4:00]

AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mfsyncsv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\MImpPRO\MIProHst.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
C:\Program Files\Veetle\Player\player.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Pete\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
mRun: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe
mRun: [nmctxth] c:\program files\common files\pure networks shared\platform\nmctxth.exe
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-652 xtreme n notebook adapter\wirelesscm.exe
IE: Add to Link Commander collection - c:\program files\link commander\libraries\add_link.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\linkco~1\librar~1\LCLaunch.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\linkco~1\librar~1\LCAdd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2009-3-30 5248]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-5-25 40560]
R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [2009-3-5 77304]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-12-29 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-12-29 15856]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-12 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-12-29 25584]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-12 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-12 40384]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1778480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-19 304464]
R2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [2009-3-5 127352]
R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-10-5 23344]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2009-11-21 202280]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2009-7-28 354176]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-8 185640]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-12 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-12 40384]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-11-11 74624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-19 20952]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-8-17 16640]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 54432]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys --> c:\windows\system32\drivers\d346bus.sys [?]
S2 bsaspi32;bsaspi32; [x]
S2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;\??\c:\program files\bvrp connection manager\bvrpndis.sys --> c:\program files\bvrp connection manager\BVRPNDIS.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-4 133104]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 CBMR Scheduler;CBMR Scheduler;c:\program files\cristie\cbmr\_BSSVC.EXE [2006-10-31 36864]
S3 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\mediacoder\sysinfo.sys --> c:\program files\mediacoder\SysInfo.sys [?]
S3 DataMirror Transformation Server Access Server;DataMirror Transformation Server Access Server;c:\program files\datamirror\transformation server access control\bin\dmaccessserver.exe [2008-2-29 90112]
S3 DataMirror Transformation Server Integration Server;DataMirror Transformation Server Integration Server;c:\program files\datamirror\transformation server access control\bin\dmintegrationserver.exe [2008-2-29 90112]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-8-4 23456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-1-10 1527900]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-10-18 434176]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2009-10-18 27904]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2009-10-18 1190784]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2009-10-18 1187072]
S3 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-9-29 13088]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [2010-5-19 571136]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2010-3-27 136352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-8-23 27064]
S3 SKYNETU;B2C2 Broadband Receiver USB Adapter;c:\windows\system32\drivers\SkyNETU.sys [2010-8-6 513688]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-21 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-7-24 11520]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
S4 avgfws;AVG Firewall;"c:\program files\avg\avg10\avgfws.exe" --> c:\program files\avg\avg10\avgfws.exe [?]
S4 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]
S4 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S4 TS EA Access Server;TS EA Access Server;c:\program files\datamirror\ts ea\dmservserv.exe [2006-1-27 57344]
S4 TS EA Integration Server;TS EA Integration Server;c:\program files\datamirror\ts ea\dmis.exe [2006-1-27 49152]

=============== Created Last 30 ================

2010-09-12 13:14 --d-----	c:\program files\Windows Installer Clean Up
2010-09-05 22:38 --d-----	c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-05 22:22 --d-----	c:\program files\TuneUp Utilities 2010
2010-09-02 22:32 --d-----	c:\docume~1\pete\applic~1\DataMirror
2010-09-01 17:47 --d-----	c:\docume~1\pete\applic~1\AVG10
2010-09-01 17:45 --d-h---	c:\docume~1\alluse~1\applic~1\Common Files
2010-09-01 17:43 --d-----	c:\docume~1\alluse~1\applic~1\AVG10
2010-08-30 19:33 --d-----	c:\program files\National Consumer Panel
2010-08-28 12:31 --d-----	c:\program files\Spirits of Metropolis v1.10
2010-08-28 12:05 --d-----	c:\program files\MagicDisc
2010-08-28 11:43 --d-----	c:\docume~1\pete\applic~1\Verizon Wireless
2010-08-25 22:50 --d-----	c:\program files\PolderbitS
2010-08-23 13:27 --d-----	c:\program files\VS Revo Group
2010-08-23 11:13 --d-----	c:\program files\JPG2PDF
2010-08-17 08:30 --d-----	c:\program files\Daniusoft
2010-08-15 21:51 --d-----	c:\program files\Allok 3GP PSP MP4 iPod Video Converter

==================== Find3M ====================

2010-09-07 11:12	38,848	a-------	c:\windows\avastSS.scr
2010-08-04 20:25	23,456	a-------	c:\windows\system32\drivers\DrvAgent32.sys
2010-07-12 04:33	51,040	a-------	c:\windows\system32\avgfwdx.dll
2010-07-11 20:21	2,286,080	a-------	c:\windows\system32\TUKernel.exe
2010-06-30 08:31	149,504	a-------	c:\windows\system32\schannel.dll
2010-06-24 08:15	832,512	a-------	c:\windows\system32\wininet.dll
2010-06-24 08:15	78,336	a-------	c:\windows\system32\ieencode.dll
2010-06-24 08:15	17,408	a-------	c:\windows\system32\corpol.dll
2010-06-23 09:44	1,851,904	a-------	c:\windows\system32\win32k.sys
2010-06-17 10:03	80,384	a-------	c:\windows\system32\iccvid.dll
2010-05-21 21:13	256	a-------	c:\documents and settings\pete\pool.bin
2010-04-26 20:39	49,152	ac-sh---	c:\program files\Thumbs.db
2010-01-06 21:35	94,208	a-------	c:\docume~1\pete\applic~1\ezplay.sys
2009-09-24 23:07	352,256	ac------	c:\program files\USBExtreme.exe
2009-07-23 14:49	72,569,774	ac------	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08	13,227,453	-c------	c:\program files\PROCESSLIST.DB
2009-02-03 18:08	1,118,656	-c------	c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47	47,360	-c------	c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44	81,920	ac------	c:\program files\sherlock.exe
2008-11-09 20:07	6,106,480	ac------	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30	39,060	ac------	c:\program files\Buffering2.jpg
2007-03-04 14:30	39,047	ac------	c:\program files\Buffering5.jpg
2007-03-04 14:30	39,040	ac------	c:\program files\Buffering1.jpg
2007-03-04 14:30	39,038	ac------	c:\program files\Buffering6.jpg
2007-03-04 14:30	39,035	ac------	c:\program files\Buffering4.jpg
2007-03-04 14:30	39,033	ac------	c:\program files\Buffering3.jpg
2007-03-04 14:30	39,020	ac------	c:\program files\Buffering7.jpg
2006-03-23 15:17	114,688	--------	c:\program files\igfxzoom.exe
2004-05-24 23:05	536,631	--------	c:\program files\procexp.exe
2003-04-29 05:33	1,328,198	-c------	c:\program files\TuMeDrum.exe
2000-11-12 16:48	220,160	-c------	c:\program files\acpu.exe
2010-06-13 15:54	2	a--shrot	c:\windows\winstart.bat
2006-05-03 06:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 07:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 09:30	216,064	---shr--	c:\windows\system32\nbDX.dll
2009-02-08 00:57	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 22:18:44.60 ===============


----------



## jmw3 (Jul 23, 2007)

Hi

Well the WMI issue appears to be sorted... However I still see evidence of multiple Anti-virus programs installed & being actively used. This will cause you problems, without a doubt. When it comes to Anti-virus programs, More is Better *does not apply*.

AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

Even if you have the AV component of Comodo disabled & are only using the firewall, it is still hooked into the kernel & can cause conflicts.
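The overlap described in the post above can be checked mechanically from the `AV:` / `FW:` lines of a DDS log. The following Python is an added example, not part of the original thread or of DDS; the function names are hypothetical, and the "disabled" wording in the constructed second sample is an assumption about how DDS prints an inactive product.

```python
import re

# The four lines quoted in the post above, copied verbatim from the DDS log.
DDS_LINES = """\
AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
"""

# Constructed sample: the same products with the AVG entries switched off.
# The "disabled" wording is an assumption, not taken from the thread.
CONSTRUCTED_AFTER_CLEANUP = """\
AV: AVG Internet Security 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
"""

# kind, product name, *state*, optional (definition status), {instance GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<defs>[^)]*)\))?\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(text):
    """Return one dict per AV:/FW: line; lines in any other format are skipped."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state = m["state"].strip().lower()
        products.append({
            "kind": m["kind"],
            "name": m["name"],
            # "enabled" / "on-access scanning enabled" count as active;
            # "disabled" does not end in "enabled", so it is inactive.
            "active": state.endswith("enabled"),
            "definitions": m["defs"],
            "guid": m["guid"].upper(),
        })
    return products


def find_overlaps(products):
    """Map each kind (AV or FW) to the active product names when more than one is active."""
    active_by_kind = {}
    for p in products:
        if p["active"]:
            active_by_kind.setdefault(p["kind"], []).append(p["name"])
    return {kind: names for kind, names in active_by_kind.items() if len(names) > 1}


if __name__ == "__main__":
    for label, sample in (("thread log", DDS_LINES),
                          ("constructed cleanup", CONSTRUCTED_AFTER_CLEANUP)):
        overlaps = find_overlaps(parse_products(sample))
        if not overlaps:
            print(f"{label}: no overlapping real-time products")
        for kind, names in overlaps.items():
            print(f"{label}: {len(names)} active {kind} products: {', '.join(names)}")
```
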


----------



## bart2brett (Jun 29, 2005)

OK. Well I did reinstall the Avast because I don't have the anti virus portion of the Comodo. What do you suggest? I don't understand why AVG is still showing, I'll run the clean-up removal program again. 

I know this must drive you crazy, but I did make some changes. I began using 'drop my rights'. I am running Firefox through it with a script blocker and WOT.

My system does seem to start up faster now. The only real slow thing is when I click on 'my computer', it takes forever to come up. 

**I ran the AVG cleaner again and it still shows up as an installed firewall.


----------



## jmw3 (Jul 23, 2007)

Hi

If you want to continue using Avast, that's fine, however I would suggest uninstalling Comodo Internet Security & downloading the standalone Firewall:
http://personalfirewall.comodo.com/free-download.html

Or another standalone Firewall:
2) *PC Tools Firewall Plus*
4) *ZoneAlarm* (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)



> **I ran the AVG cleaner again and It still shows up as an installed firewall.


Looks as though it is still registered in the WMI.

*CFScript*
Close any open browsers.
Open *notepad* and copy/paste the text in the code box below into it:


```
SecCenter::
AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at *"C:\ComboFix.txt"*
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

I'd also really like to see a new Gmer log:
*Gmer*
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*



In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\) 
Show All (don't miss this one)

Then click the Scan button & wait for it to finish
Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply
_**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries_
*Do not run any programs while Gmer is running.*

*NOTE:* If you cannot run GMER as indicated above, save a scan from the initial startup scan.

Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
Double click the *gmer.exe* file
The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click *No*
After the "initial scan" is complete, click on the *Save* button, save the log file to your desktop & post it in your reply
To post in next reply:
ComboFix log
New Gmer log


----------



## bart2brett (Jun 29, 2005)

It's too bad we're not in the same time zone (it would save you a bunch of work). I say this because after I posted my last entry, I found a backup that I had on an external drive taken in July. I restored my system to that time. However, I would still like to provide the GMER/DDS/HiJackthis logs if you don't mind.


----------



## jmw3 (Jul 23, 2007)

Hi

Differing Time Zones can be frustrating at times... but you get used to it.

So I take it these new logs will be from the system rolled back to your July Backup? And you just want to make sure all is OK?

Not a problem... post away


----------



## bart2brett (Jun 29, 2005)

That's right, it's rolled back. I'll get the logs together and post them. I am installing just the Comodo firewall as you suggested and keeping the avast.


----------



## jmw3 (Jul 23, 2007)

OK, no problem


----------



## bart2brett (Jun 29, 2005)

I couldn't get GMER to run after several attempts. It seems to do the initial scan and then hangs. I tried it in normal and safe mode. So here are the other posts. One in each post.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:28 AM, on 9/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=...il.live.com/default.aspx?n=808798880&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [MImpPro] C:\Program Files\MImpPRO\MIProHst.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open in Web Archives Viewer - C:\Program Files\WebArchivesViewer\IEContext.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1227406791671
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257564424453
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} (AIRJ01FPlayer.Player) - http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53}: NameServer = 10.9.60.1
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Fences\FencesMenu.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBMR Scheduler - Unknown owner - C:\Program Files\Cristie\CBMR\_BSSVC.EXE
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DataMirror Transformation Server Access Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe
O23 - Service: DataMirror Transformation Server Integration Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MirrorFolder Auto-synchronization Service (mfsyncsv) - Techsoft - C:\WINDOWS\system32\mfsyncsv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16276 bytes


----------



## bart2brett (Jun 29, 2005)

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Pete at 11:01:04.04 on Wed 09/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2822 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100914-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pete\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
uWindow Title = Road Runner High Speed Online
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\creati~1.lnk - c:\program files\creative element power tools\Startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: OPXPGina - 
AppInit_DLLs: 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
LSA: Notification Packages = :\WINDOW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - 
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2009-3-30 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2009-3-30 5248]
R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [2009-3-5 77304]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-12-29 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-12-29 15856]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-2 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 25240]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-12-29 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-2 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]
R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-10-5 23344]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2009-7-28 354176]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-2 352920]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-11-11 74624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-19 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 54432]
S2 bsaspi32;bsaspi32; [x]
S2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;\??\c:\program files\bvrp connection manager\bvrpndis.sys --> c:\program files\bvrp connection manager\BVRPNDIS.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-4 133104]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-9-29 13088]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-19 304464]
S2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [2009-3-5 127352]
S2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2009-11-21 202280]
S2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-8 185640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-7-6 1051968]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
S2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 CBMR Scheduler;CBMR Scheduler;c:\program files\cristie\cbmr\_BSSVC.EXE [2006-10-31 36864]
S3 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\mediacoder\sysinfo.sys --> c:\program files\mediacoder\SysInfo.sys [?]
S3 DataMirror Transformation Server Access Server;DataMirror Transformation Server Access Server;c:\program files\datamirror\transformation server access control\bin\dmaccessserver.exe [2008-2-29 90112]
S3 DataMirror Transformation Server Integration Server;DataMirror Transformation Server Integration Server;c:\program files\datamirror\transformation server access control\bin\dmintegrationserver.exe [2008-2-29 90112]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-1-10 1527900]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-10-18 434176]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2009-10-18 27904]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2009-10-18 1190784]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2009-10-18 1187072]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [2010-5-19 571136]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2010-3-27 136352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-8 27064]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-21 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-7-24 11520]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
S4 TS EA Access Server;TS EA Access Server;c:\program files\datamirror\ts ea\dmservserv.exe [2006-1-27 57344]
S4 TS EA Integration Server;TS EA Integration Server;c:\program files\datamirror\ts ea\dmis.exe [2006-1-27 49152]

=============== Created Last 30 ================

2010-09-15 10:18 --d-h---	C:\VritualRoot
2010-09-15 10:05 --d-----	c:\program files\COMODO
2010-09-15 10:01 --d-----	c:\docume~1\alluse~1\applic~1\Comodo
2010-09-15 09:14 --d-----	c:\program files\DropMyRights
2010-09-15 07:41	280,692	a-------	c:\windows\sketch.jpg
2010-09-10 23:41	285,480	a-------	c:\windows\system32\guard32.dll
2010-09-10 23:40	239,240	a-------	c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 23:40	25,240	a-------	c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 23:40	15,592	a-------	c:\windows\system32\drivers\cmderd.sys

==================== Find3M ====================

2010-07-24 18:57	120,875,614	a-------	c:\docume~1\pete\applic~1\hkey_local_machine.reg
2010-07-11 20:21	2,286,080	a-------	c:\windows\system32\TUKernel.exe
2010-07-06 07:57	30,528	a-------	c:\windows\system32\TURegOpt.exe
2010-07-06 07:52	30,016	a-------	c:\windows\system32\uxtuneup.dll
2010-05-21 21:13	256	a-------	c:\documents and settings\pete\pool.bin
2010-04-26 20:39	49,152	a--sh---	c:\program files\Thumbs.db
2010-01-06 21:35	94,208	a-------	c:\docume~1\pete\applic~1\ezplay.sys
2010-01-06 21:35	87,608	a-------	c:\docume~1\pete\applic~1\inst.exe
2009-09-24 23:07	352,256	a-------	c:\program files\USBExtreme.exe
2009-07-23 14:49	72,569,774	a-------	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08	13,227,453	-c------	c:\program files\PROCESSLIST.DB
2009-02-03 18:08	1,118,656	-c------	c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47	47,360	-c------	c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44	81,920	a-------	c:\program files\sherlock.exe
2008-11-09 20:07	6,106,480	a-------	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30	39,060	a-------	c:\program files\Buffering2.jpg
2007-03-04 14:30	39,047	a-------	c:\program files\Buffering5.jpg
2007-03-04 14:30	39,040	a-------	c:\program files\Buffering1.jpg
2007-03-04 14:30	39,038	a-------	c:\program files\Buffering6.jpg
2007-03-04 14:30	39,035	a-------	c:\program files\Buffering4.jpg
2007-03-04 14:30	39,033	a-------	c:\program files\Buffering3.jpg
2007-03-04 14:30	39,020	a-------	c:\program files\Buffering7.jpg
2006-03-23 15:17	114,688	--------	c:\program files\igfxzoom.exe
2004-05-24 23:05	536,631	--------	c:\program files\procexp.exe
2003-04-29 05:33	1,328,198	--------	c:\program files\TuMeDrum.exe
2000-11-12 16:48	220,160	--------	c:\program files\acpu.exe
2010-06-13 15:54	2	a--shrot	c:\windows\winstart.bat
2006-05-03 06:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 07:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 09:30	216,064	---shr--	c:\windows\system32\nbDX.dll
2009-02-08 00:57	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 11:02:06.90 ===============


----------



## bart2brett (Jun 29, 2005)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2008 8:19:05 PM
System Uptime: 9/15/2010 10:49:29 AM (1 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1664/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 14.788 GiB free.
D: is Removable
E: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP20: 7/24/2010 3:43:32 PM - Installed WD SmartWare
RP21: 9/15/2010 8:34:16 AM - System Checkpoint
RP22: 9/15/2010 8:42:42 AM - Revo Uninstaller Pro's restore point - HijackThis 2.0.2
RP23: 9/15/2010 8:44:51 AM - Revo Uninstaller Pro's restore point - PayPal Plug-In
RP24: 9/15/2010 8:46:19 AM - Removed PayPal Plug-In
RP25: 9/15/2010 8:50:29 AM - Revo Uninstaller Pro's restore point - RegCure
RP26: 9/15/2010 8:53:05 AM - Revo Uninstaller Pro's restore point - Registry Mechanic 8.0
RP27: 9/15/2010 8:56:10 AM - Revo Uninstaller Pro's restore point - Paragon Drive Copy 9.5 Personal
RP28: 9/15/2010 9:06:48 AM - Installed HiJackThis
RP29: 9/15/2010 9:14:48 AM - Installed DropMyRights
RP30: 9/15/2010 9:49:53 AM - Revo Uninstaller Pro's restore point - COMODO Internet Security
RP31: 9/15/2010 10:05:39 AM - Installed COMODO Internet Security

==== Installed Programs ======================

5.0
Aaron's WebVacuum 2
Absolute Fretboard Trainer PRO
Absolute MP3 Splitter version 2.8.7
ACDSee Pro 3
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Alchemy Deluxe
ALi USB2.0 Driver
Allstate Home Inventory 3.08
Amazing Adventures: The Lost Tomb
Amazon MP3 Downloader 1.0.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AstroPop Deluxe
Atari: The 80 Classic Games
Atmosphere Deluxe v7.0
Atomica Deluxe
AudibleManager
avast! Antivirus
Avi2Dvd 0.5
Avidemux 2.4
AviSynth 2.5
Bejeweled 2 Deluxe 1.1
Bejeweled Deluxe
Bejeweled Twist 1.0.3.7482
Beyond Compare Version 2.5.3
Big Kahuna Reef
Big Money Deluxe
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlindWrite 6
Bonjour
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
Canopus Codec Option
CBMR 5.0.1
Chuzzle Deluxe
CinemaNow Media Manager
Cisco Network Magic
ClocX (1.5b2)
Collectorz.com Movie Collector
Combined Community Codec Pack 2007-07-22
COMODO Internet Security
ConvertXtoDVD 3.3.2.100
Cool MP3 Splitter 2.2
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - VSTA
Coupon Printer for Windows
Creative Element Power Tools
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
D'Accord Guitar Chord Dictionary 3.0
D-Link DWA-652 Xtreme N Notebook Adapter
DataMirror Enterprise Administrator
DataMirror Transformation Server Access Control
DataMirror Transformation Server Management Console
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash 2
DirectX 9 Runtime
Disk Investigator 1.4
DivX Codec
DropMyRights
Duplicate File Remover
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVD to iPod Converter 4
DVDFab 6.0.6.0 (04/09/2009)
dvdSanta 4.50
Dynomite Deluxe
EA SPORTS online 2006
Easy File & Folder Protector v4.2
Easy WiFi Radar PRO 1.0.0
ebgcInfra
ebgcRes
ebgcSDK
emlOpenView 1.6
eWallet 6.1 for BlackBerry
EZ Guitar Tabs
Family Feud
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Fences
ffdshow [rev 2583] [2009-01-05]
FileZilla Client 3.2.7.1
Finale NotePad 2004
Firebird SQL Server - MAGIX Edition
FLV Converter 2.5
Folder Marker Home v 3.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
FranklinCovey PlanPlus for Windows
FTDI USB Serial Converter Drivers
Garmin City Navigator North America NT 2010.10 Update
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2010.40
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GCH Guitar academy
Giganews Accelerator
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GSM 1.1.4.2
GST 2.3.8.4
Guitar Chord Buster Pro 4.4.0
Guitar FX BOX 2.6
Guitar Pro 5.2
GuitarCourses.ws Fretboard Trainer 1.0
Haali Media Splitter
Hammer Heads Deluxe
Hauppauge WinTV 7
Heavy Weapon Deluxe
HiJackThis
Homescan Internet Transporter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB954550-v5)
Hoyle Card Games 2010 (remove only)
HP OfficeJet/PSC Scrubber
IBM iSeries Access for Windows
Iggle Pop Deluxe
ImagXpress
Inpaint
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
InterCall Web Meeting
Inzomia Viewer 3.11
IrfanView (remove only)
ISO Recorder
IsoBuster 2.5.5
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Kate's Video Converter
LekuSoft Blu ray Ripper 5.50
LightZone 3.7
Line 6 Edit (remove only)
Line 6 Uninstaller
Logitech MouseWare 9.79 
Madden NFL (TM) 99
Madden NFL 06
Magic Match
MAGIX Music Maker 15 Premium Download version 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Mahjong Escape: Ancient Japan
Malwarebytes' Anti-Malware
MediaSPace
MessageViewer Pro 3.1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese TTS 5.1
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
MirrorFolder 4.1.194.18 (Retail)
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.7)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Mummy Maze Deluxe
MusicLab RealGuitar 2.0
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
n-Track Studio 6
Nero 7 Ultra Edition
Nero ControlCenter
neroxml
Network Magic
Nevo Audio Splitter 2.1
NewsLeecher v3.9 Final
NingPo MahJong Deluxe
Noah's Ark Deluxe
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OmniPass 7.00.08
Opera 9.64
OZ776 SCR Driver V1.1.4.204
Pacific Fighters
PartitionMagic
Pcsx2 0.9.6
Peggle Deluxe
PerfectDisk 10 Professional
PFConfig 1.0.278
PFPortChecker 1.0.32
Photo DVD Maker Professional 8.08
Photo Stamp Remover 2.0
PictureToTV 1.20
Pinnacle Studio LINX
Pixelus Deluxe
PizzaFrenzy
Platypus
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerDVD
PowerDVD Ultra
PowerQuest PartitionMagic 8.0
Privacy Eraser Pro
Process Lasso
ProCoder 3
Product Key Explorer 2.4.3
Pure Networks Platform
QBeez 2
QFolder
QuickTime
Radioshack USB-to-Serial cable
RealPlayer
RealUpgrade 1.0
Replay Media Catcher 3.02
ResumeMaker Ultimate
Revo Uninstaller Pro 2.2.3
Road Runner Install
Road Runner Medic 6.1
Robot/CONSOLE 5
Robot/NETWORK 10
Robot/SCHEDULE 10
Rocket Mania Deluxe
Rollcage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Content
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio PhotoShow
Roxio Venue
Roxio Video Capture USB
RSA SecurID Software Token
Sandlot Games Client Services 1.2.2
SAPI Wrapper
Satellite TV PC Master v6.0
Save Flash 4.1
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Segoe UI
Setup
Seven Seas Deluxe
SharePort Network USB Utility
SigmaTel Audio
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
SnagIt 8
Sony Media Manager for PSP 3.0
Sony Noise Reduction Plug-In 2.0h
SopCast 3.0.3
SpeakText v20090219
Speed Meter Pro
Spotmau 5.1.2.6407
SRS Audio Sandbox
Studio 8
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Super Collapse 3
Super Internet TV v8.0 (Premium Edition)
SUPERAntiSpyware Professional
System Explorer 1.5
Talismania Deluxe
TeamViewer 5
Text-To-Speech-Runtime
The KMPlayer (remove only)
TipTop Deluxe
Tradewinds Legends
TTS Wrapper
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Turbo Tax Audit Support Center 2.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TVUPlayer 2.4.9.1
TWC Customer Controls
Typer Shark Deluxe
U3Launcher
Ubee USB RNDIS and NDIS Driver 
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Veetle TV 0.9.16
Venice Deluxe
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.4
VPN Client
VZAccess Manager
Water Bugs
WD SmartWare
WebArchivesViewer
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WinX HD Video Converter Deluxe 3.7
WM Recorder 12.1
Word Harmony Deluxe
Xilisoft Video Converter Ultimate 6
Xilisoft Video Cutter
Xvid 1.2.1 final uninstall
Zinio Reader
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

9/15/2010 7:27:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
9/15/2010 7:27:33 AM, error: Service Control Manager [7000] - The BVRPNDIS Protocol Driver U/I service failed to start due to the following error: The system cannot find the path specified.
9/15/2010 7:27:33 AM, error: Service Control Manager [7000] - The bsaspi32 service failed to start due to the following error: The system cannot find the file specified.
9/15/2010 10:58:13 AM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:13 AM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:13 AM, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (medicsp2) service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The RDI Document Conversion Helper service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The PDAgent service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The O2Micro Flash Memory Card Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The MirrorFolder Auto-synchronization Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:11 AM, error: Service Control Manager [7034] - The Softex OmniPass Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:11 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:21:21 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.
9/15/2010 10:20:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Atheros Configuration Service service to connect.
9/14/2010 11:38:37 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
9/14/2010 11:34:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/14/2010 11:33:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL vmm
9/14/2010 11:30:04 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
9/14/2010 11:30:04 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/14/2010 11:30:04 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


----------



## jmw3 (Jul 23, 2007)

Hi

Just some cleaning up to do.

*Remove Programs*
Click *Start > Control Panel > Add/Remove Programs*
Remove these programs by clicking *Remove*

*J2SE Runtime Environment 5.0 Update 21
WinPcap 4.0*

*If some programs listed are not present, please do not panic*

*CFScript*
Delete the copy of ComboFix you have & download it again:
Download *ComboFix* from one of these locations (*DO NOT* download ComboFix from anywhere else but one of the provided links):
*Link 1*
*Link 2*
Close any open browsers.
Open *notepad* and copy/paste the text in the code box below into it:


```
DDS::
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Firefox::
FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: keyword.URL -
FF - HiddenExtension: Java Console: No Registry Reference - 
FF - HiddenExtension: Java Console: No Registry Reference - 
File::
c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
c:\windows\system32\drivers\npf.sys
Folder::
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Driver::
bsaspi32
NPF
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at *"C:\ComboFix.txt"*
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

To post in next reply:
ComboFix log


----------



## bart2brett (Jun 29, 2005)

I'm downloading ComboFix from my work PC and McAfee flags it as a virus and deletes it.


----------



## jmw3 (Jul 23, 2007)

Gotta love McAfee
Can you disable it & then download ComboFix?


----------



## bart2brett (Jun 29, 2005)

Well, what I'll have to do is wait until I get home at lunch time, and download it from there. I can't disable it here.


----------



## jmw3 (Jul 23, 2007)

OK, no problem


----------



## bart2brett (Jun 29, 2005)

ComboFix 10-09-15.03 - Pete 09/16/2010 16:21:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2702 [GMT -4:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100915-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\mozilla firefox\plugins\npCouponPrinter.dll"
"c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll"
"c:\windows\system32\drivers\npf.sys"
.
_ ADS - WINDOWS: deleted 24 bytes in 1 streams. _

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dfinstall.log
c:\documents and settings\Pete\Application Data\EurekaLog
c:\documents and settings\Pete\Application Data\hkey_local_machine.reg
c:\documents and settings\Pete\Application Data\inst.exe
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome.manifest
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\install.rdf
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf
c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
c:\windows\daemon.dll
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\2662017659.dat
c:\windows\system32\4221534445.dat
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\system
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BSASPI32
-------\Legacy_NPF
-------\Service_bsaspi32

((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-16 00:42 . 2010-09-16 00:42	--------	d-----w-	c:\program files\Siber Systems
2010-09-16 00:41 . 2010-09-16 00:41	--------	d-----w-	c:\documents and settings\Pete\Application Data\RoboForm
2010-09-15 14:18 . 2010-09-15 14:18	--------	d-----w-	C:\VritualRoot
2010-09-15 14:05 . 2010-09-15 14:05	--------	d-----w-	c:\program files\COMODO
2010-09-15 14:01 . 2010-09-15 14:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Comodo
2010-09-15 13:14 . 2010-09-15 13:14	--------	d-----w-	c:\program files\DropMyRights
2010-09-15 13:06 . 2010-09-15 13:06	388096	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-11 03:41 . 2010-09-11 03:41	285480	----a-w-	c:\windows\system32\guard32.dll
2010-09-11 03:40 . 2010-09-11 03:40	91560	----a-w-	c:\windows\system32\drivers\inspect.sys
2010-09-11 03:40 . 2010-09-11 03:40	25240	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2010-09-11 03:40 . 2010-09-11 03:40	239240	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2010-09-11 03:40 . 2010-09-11 03:40	15592	----a-w-	c:\windows\system32\drivers\cmderd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 20:39 . 2010-05-04 20:18	63488	----a-w-	c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-16 20:39 . 2009-03-16 22:09	117760	----a-w-	c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-16 12:25 . 2009-01-06 00:08	--------	d-----w-	c:\program files\Java
2010-09-16 02:02 . 2008-11-22 02:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-15 12:50 . 2010-03-30 14:23	--------	d-----w-	c:\program files\RegCure
2010-09-15 12:46 . 2008-11-22 01:47	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-15 11:28 . 2009-02-14 20:04	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-08-17 13:17 . 2008-11-23 04:26	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-07-24 21:54 . 2010-07-24 21:54	239360	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-24 20:55 . 2010-07-24 20:52	--------	d-----w-	c:\documents and settings\Pete\Application Data\Western DigitalTemp
2010-07-24 20:55 . 2010-07-24 20:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Western Digital
2010-07-24 19:46 . 2010-07-24 19:46	--------	d-----w-	c:\documents and settings\Pete\Application Data\Western Digital
2010-07-24 19:43 . 2010-07-24 19:43	--------	d-----w-	c:\program files\Western Digital
2010-07-23 00:29 . 2010-07-23 00:29	--------	d-----w-	c:\documents and settings\Pete\Application Data\Xilisoft
2010-07-23 00:22 . 2008-12-14 23:47	--------	d-----w-	c:\documents and settings\Pete\Application Data\Vso
2010-07-22 16:12 . 2008-11-27 03:04	--------	d-----w-	c:\program files\Google
2010-07-22 15:49 . 2008-11-23 04:26	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-17 00:34	5120	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-12 23:16 . 2010-07-12 23:16	3638	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_3D3DC91FC9DD2637D12FA2.exe
2010-07-12 23:16 . 2010-07-12 23:16	3638	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_31FAD3247F4B0F6385E90B.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_F8397BE02F4D062C7D8582.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_7EA93AB4D6B360FE8F56BE.exe
2010-07-12 23:16 . 2010-07-12 23:16	10134	----a-r-	c:\documents and settings\Pete\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_380E8673AD6BA4E7CFE666.exe
2010-07-12 00:21 . 2010-07-11 22:57	2286080	----a-w-	c:\windows\system32\TUKernel.exe
2010-07-06 11:57 . 2010-07-11 00:05	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2010-07-06 11:52 . 2010-07-11 00:12	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2010-06-30 12:31 . 2008-11-23 04:26	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-23 13:44 . 2008-11-23 04:26	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-11-23 04:26	354304	------w-	c:\windows\system32\drivers\srv.sys
2010-04-27 00:39 . 2010-04-26 02:44	49152	--sha-w-	c:\program files\Thumbs.db
2009-09-25 03:07 . 2009-09-25 03:07	352256	----a-w-	c:\program files\USBExtreme.exe
2009-07-23 18:49 . 2009-11-24 23:41	72569774	----a-w-	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 22:08 . 2009-02-09 01:48	13227453	-c----w-	c:\program files\PROCESSLIST.DB
2009-02-03 22:08 . 2009-02-09 01:48	1118656	-c----w-	c:\program files\PROCESSLISTRELATED.DB
2008-12-01 00:44 . 2008-12-01 00:44	81920	----a-w-	c:\program files\sherlock.exe
2008-11-10 00:07 . 2009-12-24 01:18	6106480	----a-w-	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 18:30 . 2007-03-04 18:30	39060	----a-w-	c:\program files\Buffering2.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39047	----a-w-	c:\program files\Buffering5.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39040	----a-w-	c:\program files\Buffering1.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39038	----a-w-	c:\program files\Buffering6.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39035	----a-w-	c:\program files\Buffering4.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39033	----a-w-	c:\program files\Buffering3.jpg
2007-03-04 18:30 . 2007-03-04 18:30	39020	----a-w-	c:\program files\Buffering7.jpg
2006-03-23 19:17 . 2008-11-27 02:52	114688	------w-	c:\program files\igfxzoom.exe
2004-05-25 03:05 . 2008-11-22 02:55	536631	------w-	c:\program files\procexp.exe
2003-04-29 09:33 . 2008-11-27 05:13	1328198	------w-	c:\program files\TuMeDrum.exe
2000-11-12 20:48 . 2008-11-27 04:41	220160	------w-	c:\program files\acpu.exe
2010-06-13 19:54 . 2010-06-13 19:54	2	--shatr-	c:\windows\winstart.bat
2006-05-03 10:06 . 2010-03-27 16:28	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-27 16:28	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-27 16:28	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 09:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 15:46	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
path=c:\documents and settings\Pete\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
backup=c:\windows\pss\Creative Element Power Tools Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Registration-Studio 8 LE.lnk]
backup=c:\windows\pss\Registration-Studio 8 LE.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
path=c:\documents and settings\Pete\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
backup=c:\windows\pss\Wireless Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
2010-02-05 17:05	625152	----a-w-	c:\program files\Spotmau\secretary\Spotmau_S.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
"ProcessLassoManagementConsole"=c:\program files\Process Lasso\processlasso.exe
"ProcessGovernor"=c:\program files\Process Lasso\processgovernor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\D-Link\\SharePort\\SharePort Network USB Utility.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\program files\Common Files\Agilix\GoBinder\Binder.exe"= c:\program files\Common Files\Agilix\GoBinder\Binder.exe:127.0.0.1/255.255.255.255:Enabled:Agilix GoBinder
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Help Systems\\Robot CONSOLE 5\\RobotConsole.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 06\\updater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\JDownloader_PortableApps\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Program Files\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbopcon.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Satellite TV for PC 2009 Titanium Edition (Portable)\\PC Satellite TV.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57970:TCP"= 57970:TCP:PandoRest Listening Port
"9303:UDP"= 9303:UDP:SharePort Network USB Utility UDP Port

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [3/30/2009 10:48 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [3/30/2009 10:48 PM 5248]
R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [3/5/2009 10:30 PM 77304]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [12/29/2009 8:36 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [12/29/2009 8:36 PM 15856]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/2/2009 11:15 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 11:40 PM 25240]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [12/29/2009 8:36 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/2/2009 11:15 PM 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/19/2010 7:14 PM 304464]
R2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [3/5/2009 10:30 PM 127352]
R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [10/5/2009 12:30 PM 23344]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [10/1/2008 3:52 PM 64888]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [11/21/2009 7:46 PM 202280]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [7/28/2009 2:09 PM 354176]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [12/8/2009 6:46 AM 185640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7/6/2010 7:55 AM 1051968]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 11:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 11:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 11:32 AM 482304]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [11/11/2008 4:01 PM 74624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/19/2010 7:14 PM 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
S2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;\??\c:\program files\BVRP Connection Manager\BVRPNDIS.SYS --> c:\program files\BVRP Connection Manager\BVRPNDIS.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2009 6:05 PM 133104]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
S3 CBMR Scheduler;CBMR Scheduler;c:\program files\Cristie\CBMR\_BSSVC.EXE [10/31/2006 10:19 AM 36864]
S3 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 6:40 PM 127352]
S3 DataMirror Transformation Server Access Server;DataMirror Transformation Server Access Server;c:\program files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe [2/29/2008 3:45 PM 90112]
S3 DataMirror Transformation Server Integration Server;DataMirror Transformation Server Integration Server;c:\program files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe [2/29/2008 3:45 PM 90112]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [11/11/2008 4:01 PM 97664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [1/10/2010 9:13 PM 1527900]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [10/18/2009 10:31 PM 434176]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [10/18/2009 10:11 PM 27904]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [10/18/2009 10:11 PM 1190784]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [10/18/2009 10:11 PM 1187072]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [5/19/2010 6:34 PM 571136]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [3/27/2010 9:48 PM 136352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/8/2010 10:14 PM 27064]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 12872]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/7/2008 4:37 AM 25088]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/24/2010 4:55 PM 11520]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 1:23 AM 717296]
S4 TS EA Access Server;TS EA Access Server;c:\program files\DataMirror\TS EA\dmservserv.exe [1/27/2006 12:20 PM 57344]
S4 TS EA Integration Server;TS EA Integration Server;c:\program files\DataMirror\TS EA\dmis.exe [1/27/2006 12:20 PM 49152]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 22:04]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 22:04]

2010-09-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-162531612-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-162531612-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\WebArchivesViewer\IEContext.htm
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-OPXPGina - (no file)
AddRemove-Madden NFL (TM) 99 - f:\maddem\DeIsL1.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 16:37
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys hal.dll >>UNKNOWN [0x8B6AC008]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7587cb8
\Driver\atapi -> 0x8b6ac008
IoDeviceObjectType -> ParseProcedure -> TUKERNEL.EXE @ 0x80578f7a
\Device\Harddisk0\DR0 -> ParseProcedure -> TUKERNEL.EXE @ 0x80578f7a
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269]
"ImagePath"="c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aavmker4]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACS]
"ImagePath"="c:\program files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Connect Filter]
"ImagePath"="\??\c:\windows\system32\drivers\NSDriver.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Adobe LM Service]
"ImagePath"="\"c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AR5416]
"ImagePath"="system32\DRIVERS\ar5416.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aspi32]
"ImagePath"="System32\drivers\aspi32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aswFsBlk]
"ImagePath"="system32\DRIVERS\aswFsBlk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aswMon2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aswRdr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aswSP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aswTdi]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aswUpdSv]
"ImagePath"="\"c:\program files\Alwil Software\Avast4\aswUpdSv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\avast! Antivirus]
"ImagePath"="\"c:\program files\Alwil Software\Avast4\ashServ.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\avast! Mail Scanner]
"ImagePath"="\"c:\program files\Alwil Software\Avast4\ashMaiSv.exe\" /service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\avast! Web Scanner]
"ImagePath"="\"c:\program files\Alwil Software\Avast4\ashWebSv.exe\" /service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\b57w2k]
"ImagePath"="system32\DRIVERS\b57xp32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BCMLogon]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BVRPMPR5]
"ImagePath"="\??\c:\windows\system32\drivers\BVRPMPR5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BVRPNDIS]
"ImagePath"="\??\c:\program files\BVRP Connection Manager\BVRPNDIS.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\catchme]
"ImagePath"="\??\c:\docume~1\Pete\LOCALS~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CBMR Scheduler]
"ImagePath"="\"c:\program files\Cristie\CBMR\_BSSVC.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cdrbsvsd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cercsr6]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CertPropSvc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CinemaNow Service]
"ImagePath"="c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cmdAgent]
"ImagePath"="\"c:\program files\COMODO\COMODO Internet Security\cmdagent.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cmdGuard]
"ImagePath"="System32\DRIVERS\cmdguard.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cmdHlp]
"ImagePath"="System32\DRIVERS\cmdhlp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Creative Service for CDROM Access]
"ImagePath"="c:\windows\system32\CTsvcCDA.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CrystalSysInfo]
"ImagePath"="\??\c:\program files\MediaCoder\SysInfo.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CSRBC]
"ImagePath"="System32\Drivers\csrbcxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CVirtA]
"ImagePath"="system32\DRIVERS\CVirtA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CVPND]
"ImagePath"="\"c:\program files\Cisco Systems\VPN Client\cvpnd.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CVPNDRVA]
"ImagePath"="\??\c:\windows\system32\Drivers\CVPNDRVA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cwbnetnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cwbrxd]
"ImagePath"="c:\windows\CWBRXD.EXE"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\d346bus]
"ImagePath"="system32\DRIVERS\d346bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\d346prt]
"ImagePath"="System32\Drivers\d346prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DataMirror Transformation Server Access Server]
"ImagePath"="\"c:\program files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe\" -service \"DataMirror Transformation Server Access Server\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DataMirror Transformation Server Integration Server]
"ImagePath"="\"c:\program files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe\" -service \"DataMirror Transformation Server Integration Server\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DefragFS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DlinkUDSMBus]
"ImagePath"="System32\Drivers\DlinkUDSMBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DlinkUDSTcpBus]
"ImagePath"="System32\Drivers\DlinkUDSTcpBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DNE]
"ImagePath"="system32\DRIVERS\dne2000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ezplay]
"ImagePath"="System32\Drivers\ezplay.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FirebirdServerMAGIXInstance]
"ImagePath"="c:\program files\MAGIX\Common\Database\bin\fbserver.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FTDIBUS]
"ImagePath"="system32\drivers\ftdibus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FTSER2K]
"ImagePath"="system32\drivers\ftser2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\guardian2]
"ImagePath"="System32\Drivers\oz776.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Hardlock]
"ImagePath"="\??\c:\windows\system32\drivers\hardlock.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HauppaugeTVServer]
"ImagePath"="c:\program files\WinTV\TVServer\HauppaugeTVServer.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hcw72ADFilter]
"ImagePath"="system32\DRIVERS\hcw72ADFilter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hcw72ATV]
"ImagePath"="system32\DRIVERS\hcw72ATV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hcw72DTV]
"ImagePath"="system32\DRIVERS\hcw72DTV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hcw89]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ialm]
"ImagePath"="system32\DRIVERS\igxpmp32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iastor]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Imapi Helper]
"ImagePath"="\"c:\program files\ISO Recorder\ImapiHelper.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ImapiHelper]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Inspect]
"ImagePath"="System32\DRIVERS\inspect.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntuitUpdateService]
"ImagePath"="\"c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ISODrive]
"ImagePath"="\??\c:\program files\UltraISO\drivers\ISODrive.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ivusb]
"ImagePath"="system32\DRIVERS\ivusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\L6PODLV]
"ImagePath"="System32\Drivers\L6PODLV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\L8042pr2]
"ImagePath"="system32\DRIVERS\L8042pr2.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LHidFilt]
"ImagePath"="system32\DRIVERS\LHidFilt.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LHidFlt2]
"ImagePath"="system32\DRIVERS\LHidFlt2.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LHidUsb]
"ImagePath"="System32\Drivers\LHidUsb.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LMouFilt]
"ImagePath"="system32\DRIVERS\LMouFilt.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LMouFlt2]
"ImagePath"="system32\DRIVERS\LMouFlt2.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LUsbFilt]
"ImagePath"="System32\Drivers\LUsbFilt.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MBAMService]
"ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mfsyncsv]
"ImagePath"="%SystemRoot%\system32\mfsyncsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MPE]
"ImagePath"="system32\DRIVERS\MPE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MREMP50]
"ImagePath"="\??\c:\progra~1\COMMON~1\Motive\MREMP50.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MREMPR5]
"ImagePath"="\??\c:\progra~1\COMMON~1\Motive\MREMPR5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRENDIS5]
"ImagePath"="\??\c:\progra~1\COMMON~1\Motive\MRENDIS5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRESP50]
"ImagePath"="\??\c:\progra~1\COMMON~1\Motive\MRESP50.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRESP50a64]
"ImagePath"="\??\c:\progra~1\COMMON~1\Motive\MRESP50a64.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mrfoldr]
"ImagePath"="System32\drivers\mrfoldr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NBService]
"ImagePath"="c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\nm]
"ImagePath"="system32\DRIVERS\NMnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\nmservice]
"ImagePath"="\"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\nuvaud2]
"ImagePath"="system32\DRIVERS\nuvaud2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NUVision]
"ImagePath"="system32\DRIVERS\NUVision.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\nuvvid2]
"ImagePath"="system32\DRIVERS\nuvvid2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NWADI]
"ImagePath"="system32\DRIVERS\NWADIenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NWUSBModem]
"ImagePath"="system32\DRIVERS\nwusbmdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NWUSBPort]
"ImagePath"="system32\DRIVERS\nwusbser.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\o2flash]
"ImagePath"="\"c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\odserv]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\omniserv]
"ImagePath"="c:\program files\Softex\OmniPass\Omniserv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pcouffin]
"ImagePath"="System32\Drivers\pcouffin.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDAgent]
"ImagePath"="\"c:\program files\Raxco\PerfectDisk10\PDAgent.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDEngine]
"ImagePath"="\"c:\program files\Raxco\PerfectDisk10\PDEngine.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Pfc]
"ImagePath"="\??\c:\windows\system32\drivers\pfc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pnarp]
"ImagePath"="system32\DRIVERS\pnarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pnpcap]
"ImagePath"="system32\DRIVERS\pnpcap.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PQNTDrv]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSI_SVC_2]
"ImagePath"="\"c:\program files\Common Files\Protexis\License Service\PsiService_2.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\purendis]
"ImagePath"="system32\DRIVERS\purendis.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDIConverterPrintHelper]
"ImagePath"="\"c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Revoflt]
"ImagePath"="system32\DRIVERS\revoflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RichVideo]
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RimUsb]
"ImagePath"="System32\Drivers\RimUsb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RimVSerPort]
"ImagePath"="system32\DRIVERS\RimSerial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RoxMediaDB12]
"ImagePath"="\"c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RoxWatch12]
"ImagePath"="\"c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SahdIa32]
"ImagePath"="System32\Drivers\SahdIa32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SaibIa32]
"ImagePath"="System32\Drivers\SaibIa32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SaibVd32]
"ImagePath"="System32\Drivers\SaibVd32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SASENUM]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sermouse]
"ImagePath"="system32\DRIVERS\sermouse.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Sfloppy]
"ImagePath"="system32\DRIVERS\sfloppy.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SMNDIS5]
"ImagePath"="\??\c:\progra~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SMSIVZAM5]
"ImagePath"="\??\c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sprtsvc_medicsp2]
"ImagePath"="c:\program files\twc\medicsp2\bin\sprtsvc.exe /service /p medicsp2"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SRS_SSCFilter]
"ImagePath"="system32\drivers\srs_sscfilter_i386.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\STHDA]
"ImagePath"="system32\drivers\sthda.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\supersafer]
"ImagePath"="\??\c:\windows\system32\drivers\supersafer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SupportSoft RemoteAssist]
"ImagePath"="c:\program files\Common Files\supportsoft\bin\ssrc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{8A1353CF-578D-4020-A0A8-F5C599D7E405}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TeamViewer5]
"ImagePath"="\"c:\program files\TeamViewer\Version5\TeamViewer_Service.exe\" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\teamviewervpn]
"ImagePath"="system32\DRIVERS\teamviewervpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TS EA Access Server]
"ImagePath"="\"c:\program files\DataMirror\TS EA\dmservserv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TS EA Integration Server]
"ImagePath"="\"c:\program files\DataMirror\TS EA\dmis.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TuneUp.Defrag]
"ImagePath"="c:\program files\TuneUp Utilities 2010\TuneUpDefragService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TuneUp.UtilitiesSvc]
"ImagePath"="\"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TuneUpUtilitiesDrv]
"ImagePath"="\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usb]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\USBCCID]
"ImagePath"="system32\DRIVERS\usbccid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\USBIO]
"ImagePath"="System32\Drivers\usbio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UxTuneUp]
"ServiceDll"="%SystemRoot%\System32\uxtuneup.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vmm]
"ImagePath"="\??\c:\windows\system32\Drivers\vmm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VPCNetS2]
"ImagePath"="system32\DRIVERS\VMNetSrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"="\??\c:\windows\system32\vsdatant.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDC_SAM]
"ImagePath"="system32\DRIVERS\wdcsam.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDDMService]
"ImagePath"="\"c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wdf01000]
"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDFME]
"ImagePath"="\"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDSC]
"ImagePath"="\"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wltrysvc]
"ImagePath"="%SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSIMD]
"ImagePath"="system32\DRIVERS\wsimd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{5932FCEC-2064-4591-84A8-119A031B986B}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{612EB6AD-F653-44AB-AF0F-485213814373}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{701F7D7C-A448-4A56-8D0B-589E6B40845A}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{96812B27-F9C4-46A7-84D1-F414550D8B84}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-162531612-1801674531-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"=""
"Increment"=".002874"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
@Denied: (A 2 3) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
@="%SystemRoot%\\Explorer.exe"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
@="DAO.Client"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
@="{6687A87F-0520-3780-8336-6E686B6F6E71}"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2012)
c:\program files\Softex\OmniPass\ginastub.dll
c:\program files\Softex\OmniPass\ssplogon.dll
c:\program files\Softex\OmniPass\RandomPass.dll
c:\program files\Softex\OmniPass\cryptodll.dll
c:\program files\Softex\OmniPass\storeng.dll
c:\program files\Softex\OmniPass\autheng.dll
c:\program files\Softex\OmniPass\userdata.dll
c:\program files\Softex\OmniPass\hdddrv.dll
c:\program files\Softex\OmniPass\ldapdrv.dll
c:\program files\Softex\OmniPass\cachedrv.dll
c:\program files\Softex\OmniPass\mstrpwd.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(364)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Fences\FencesMenu.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Common Files\Pure Networks Shared\Platform\11.2.09195.1.nmcorePS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MImpPRO\MIProHst.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Pure Networks\Network Magic\nmapp.exe
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
c:\program files\Softex\OmniPass\scureapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
.
**************************************************************************
.
Completion time: 2010-09-16 16:49:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 20:49

Pre-Run: 14,684,434,432 bytes free
Post-Run: 14,536,699,904 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - FE0682FF7FBCBA5BEB03FFF7E3F18267


----------



## jmw3 (Jul 23, 2007)

*Rootkit Unhooker*
Download *Rootkit Unhooker* from *Here* & save it on your desktop.
Disable your security programs
Double click *RKUnhookerLE.exe* to run it
Click the *Report* tab, then click *Scan*
Check *Drivers and Stealth Code,* uncheck the rest, then click *OK*
When prompted to Select Disks for Scan, make sure *C:\* is checked then click *OK*
Wait till the scanner has finished then go *File > Save Report*
Save the report somewhere you can find it such as your desktop then click *Close*
Copy/paste the entire contents of the report & post it in your next reply
*Note - You may get the following warning - it is ok - just ignore it:*
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

*MBRCheck*
Download *MBRCheck* from *Here* & save it to your desktop.
*Disable* your security programs so they do not interfere with the tool.
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt if enabled)
A window will open on your desktop
If an unknown bootcode is found, *do not* proceed with any further options at this time. For now, type in *N* then press *Enter* twice to exit the program
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop 
Post the contents of that file in your next reply


----------



## bart2brett (Jun 29, 2005)

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBA152000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5705728 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D8000 C:\WINDOWS\System32\igxpdx32.DLL 2605056 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 PnpManager 2400256 bytes
0x804D7000 RAW 2400256 bytes
0x804D7000 C:\WINDOWS\system32\TUKERNEL.EXE 2400256 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 WMIxWDM 2400256 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1613824 bytes (Intel Corporation, Component GHAL Driver)
0xA9B33000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xA86C0000 C:\WINDOWS\system32\drivers\hardlock.sys 696320 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0xBA082000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xA8792000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9842000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9E14000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9A22000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA861D000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xA83BE000 C:\WINDOWS\system32\drivers\supersafer.sys 356352 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9DD9000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 241664 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xA98FF000 C:\WINDOWS\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0xA9AAE000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB9E72000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7581000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7842000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA98B2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xBA116000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA995C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF75AF000 d346bus.sys 159744 bytes ( , PnP BIOS Extension)
0xA99AC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA869C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA9B0F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xBA05E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xBA013000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA993A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA98DD000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA980B000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x80721000 ACPI_HAL 134400 bytes
0x80721000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7443000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7493000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9FE4000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xF74B2000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7828000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF747B000 98304 bytes
0xA972B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7463000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9FCD000 C:\WINDOWS\System32\Drivers\ezplay.sys 94208 bytes (VSO Software, Helper driver to facilitate play of cd backups)
0xF7409000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9EB3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9046000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xA982C000 C:\Program Files\UltraISO\drivers\ISODrive.sys 90112 bytes (EZB Systems, Inc., ISO DVD/CD-ROM Device Driver)
0xA9304000 C:\WINDOWS\System32\Drivers\DefragFS.SYS 86016 bytes (Raxco Software, Inc., Defragmentation Support Driver)
0xF786F000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xA8A00000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBA13E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB9FBA000 C:\WINDOWS\System32\Drivers\DlinkUDSMBus.sys 77824 bytes (Windows (R) Codename Longhorn DDK provider, KCodes Master Bus of USB Software Bus By TCP)
0xA9A7B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7884000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7431000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7420000 mrfoldr.sys 69632 bytes (Techsoft, MirrorFolder Real-time Mirroring Driver)
0xF7570000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9EA2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA002000 C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys 69632 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0xB9F5A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xB9F8A000 C:\WINDOWS\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA770000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8BDD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA760000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA7A0000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 57344 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7687000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7520000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys 49152 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0xF74E0000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7500000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7540000 C:\WINDOWS\system32\drivers\surroundhp_kern_i386.sys 49152 bytes (-, SRS Labs Surround HP kernel DLL)
0xF7530000 C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys 49152 bytes (-, SRS Labs TruSurround HD 4 kernel DLL)
0xF7550000 C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys 45056 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xBA710000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7510000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA740000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA790000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7647000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7560000 C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 40960 bytes (-, SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver)
0xF74D0000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9F6A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7677000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA8832000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF74F0000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA730000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA979B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7657000 SahdIa32.sys 36864 bytes (Sonic Solutions, Disk Filter Driver)
0xBA720000 C:\WINDOWS\System32\Drivers\SaibVd32.sys 36864 bytes (Sonic Solutions, FileDisk Virtual Disk Driver)
0xBA750000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xA93A1000 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 32768 bytes (Avanquest Software, BVRP NDIS 5.0 MPR Protocol Driver)
0xF7717000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF77D7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB9EDA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7727000 SaibIa32.sys 32768 bytes (Sonic Solutions, Disk Filter Driver)
0xF779F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7777000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77C7000 C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys 32768 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)
0xB9F02000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF780F000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xF7797000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF778F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77EF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF776F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB9EFA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF775F000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB9ECA000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xB9EEA000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xA9391000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0xB9ED2000 C:\WINDOWS\system32\DRIVERS\pnpcap.sys 20480 bytes (Cisco Systems, Inc., Packet Capture Protocol Driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xA9A12000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0xF7807000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF771F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB9F12000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9D1D000 C:\WINDOWS\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xA8149000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA046000 C:\WINDOWS\System32\Drivers\cdrbsvsd.SYS 16384 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xF794B000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA9AEF000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xA9379000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA6E5000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA91FC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7F0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA9B03000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA999C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA9AF7000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA9AE7000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7C4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA7E4000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xBA036000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xA967F000 C:\Program Files\CyberLink\PowerDVD\000.fcl 8192 bytes (Cyberlink Corp., FCL Driver)
0xF79AB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 d346prt.sys 8192 bytes ( , SCSI miniport)
0xF79C3000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79B3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7993000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7999000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A3000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AB9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A76000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AB3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A79000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
0xF7A7F000 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
0x8AADC470 unknown_irp_handler 2960 bytes
0x8B600AC0 unknown_irp_handler 1344 bytes
0x8B4BDB20 unknown_irp_handler 1248 bytes
0x8B4C8B98 unknown_irp_handler 1128 bytes
0x8B669BC0 unknown_irp_handler 1088 bytes
0x8B666BC8 unknown_irp_handler 1080 bytes
0x8B802C60 unknown_irp_handler 928 bytes
0x8B35BD78 unknown_irp_handler 648 bytes
0x8B5D3DA0 unknown_irp_handler 608 bytes
0x8B56CE70 unknown_irp_handler 400 bytes
0x8B433E78 unknown_irp_handler 392 bytes
==============================================
>Stealth
==============================================
0x00DD0000 Hidden Image-->WDFMEIPC.dll [ EPROCESS 0x8A7BF020 ] PID: 3176, 102400 bytes
0x00C40000 Hidden Image-->WDFMEIPC.dll [ EPROCESS 0x8A7CC730 ] PID: 3024, 102400 bytes
0x054F0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 126976 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\atapi.sys]
0x03980000 Hidden Image-->System.XML.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 2060288 bytes
0x045D0000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 266240 bytes
0x04360000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 270336 bytes
0x00D60000 Hidden Image-->msvcm90.dll [ EPROCESS 0x8A7BF020 ] PID: 3176, 270336 bytes
0x03D70000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x8A7BF020 ] PID: 3176, 270336 bytes
0x00BF0000 Hidden Image-->msvcm90.dll [ EPROCESS 0x8A7CC730 ] PID: 3024, 270336 bytes
0x00FB0000 Hidden Image-->log4net.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 282624 bytes
0x04000000 Hidden Image-->System.Data.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 2961408 bytes
0x03A20000 Hidden Image-->System.Data.dll [ EPROCESS 0x8A7BF020 ] PID: 3176, 2961408 bytes
0x04B30000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 307200 bytes
0x03360000 Hidden Image-->System.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 3158016 bytes
0x05400000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 421888 bytes
0x031A0000 Hidden Image-->System.configuration.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 438272 bytes
0x043D0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 479232 bytes
0x04D80000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 5033984 bytes
0x05360000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x8A8A8B30 ] PID: 4088, 634880 bytes
0x03F20000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x8A8A8B30 ] PID: 4088, 872448 bytes

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000414

Kernel Drivers (total 170):
0x804D7000 \WINDOWS\system32\TUKERNEL.EXE
0x80721000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75AF000 d346bus.sys
0xF7581000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7570000 pci.sys
0xF75F7000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74B2000 pcmcia.sys
0xF7607000 MountMgr.sys
0xF7493000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF747B000 
0xF798B000 d346prt.sys
0xF7463000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7717000 cercsr6.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7443000 fltmgr.sys
0xF7431000 sr.sys
0xF7420000 mrfoldr.sys
0xF7647000 PxHelp20.sys
0xF7409000 KSecDD.sys
0xF7884000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF786F000 inspect.sys
0xF7842000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF771F000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF7727000 SaibIa32.sys
0xF7657000 SahdIa32.sys
0xF7828000 Mup.sys
0xF7677000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7943000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF794B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA152000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xBA13E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA116000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA082000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF776F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA05E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7697000 \SystemRoot\system32\DRIVERS\L8042pr2.Sys
0xF76A7000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
0xF778F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7797000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA7F0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA7E4000 \??\C:\WINDOWS\system32\drivers\pfc.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA013000 \SystemRoot\system32\DRIVERS\ks.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA002000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0xB9FE4000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB9FCD000 \SystemRoot\System32\Drivers\ezplay.sys
0xB9FBA000 \SystemRoot\System32\Drivers\DlinkUDSMBus.sys
0xF7560000 \SystemRoot\system32\drivers\srs_sscfilter_i386.sys
0xF77C7000 \SystemRoot\system32\drivers\wowhd_kern_i386.sys
0xF7550000 \SystemRoot\system32\drivers\csiidecoder_kern_i386.sys
0xF7540000 \SystemRoot\system32\drivers\surroundhp_kern_i386.sys
0xF7530000 \SystemRoot\system32\drivers\tshd4_kern_i386.sys
0xF7AB9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7993000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF77D7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7520000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7C4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9EB3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7510000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7500000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB9EA2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF74F0000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7807000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF74E0000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF780F000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB9E72000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF74D0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7999000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9E14000 \SystemRoot\system32\DRIVERS\update.sys
0xBA6E5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9DD9000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xBA7A0000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBA790000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9B33000 \SystemRoot\system32\drivers\sthda.sys
0xA9B0F000 \SystemRoot\system32\drivers\portcls.sys
0xBA770000 \SystemRoot\system32\drivers\drmk.sys
0xBA760000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA9AAE000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA046000 \SystemRoot\System32\Drivers\cdrbsvsd.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AB3000 \SystemRoot\System32\Drivers\Null.SYS
0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS
0xB9F02000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9EFA000 \SystemRoot\System32\drivers\vga.sys
0xF79AF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB9EEA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB9EDA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA036000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9A7B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9A22000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB9ECA000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA99AC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA750000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA740000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA995C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA993A000 \SystemRoot\System32\drivers\afd.sys
0xBA730000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA720000 \SystemRoot\System32\Drivers\SaibVd32.sys
0xA98FF000 \??\C:\WINDOWS\system32\Drivers\vmm.sys
0xA98DD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF77EF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA98B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF7A79000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xA9842000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA982C000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0xBA710000 \SystemRoot\System32\Drivers\Fips.SYS
0xA980B000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB9D1D000 \SystemRoot\System32\drivers\aspi32.sys
0xF775F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB9F8A000 \SystemRoot\System32\Drivers\oz776.sys
0xA9B03000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xF779F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9AF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9F6A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA9AEF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA9AE7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB9F5A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA972B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79C3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA999C000 \SystemRoot\System32\drivers\Dxapi.sys
0xB9F12000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A76000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9379000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xF7767000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xA9304000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xA93A1000 \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
0xA91FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9391000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xB9ED2000 \SystemRoot\system32\DRIVERS\pnpcap.sys
0xA9A12000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA9046000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA8A00000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8BDD000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8792000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xA86C0000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xA869C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8832000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA861D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA83BE000 \??\C:\WINDOWS\system32\drivers\supersafer.sys
0xA967F000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xF7A7F000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xA8149000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
1376 C:\WINDOWS\system32\smss.exe
1724 csrss.exe
1972 C:\WINDOWS\system32\winlogon.exe
340 C:\WINDOWS\system32\services.exe
352 C:\WINDOWS\system32\lsass.exe
680 C:\Program Files\Softex\OmniPass\OmniServ.exe
832 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1148 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1292 C:\WINDOWS\system32\svchost.exe
1408 C:\WINDOWS\system32\svchost.exe
1768 svchost.exe
1888 svchost.exe
264 C:\WINDOWS\system32\WLTRYSVC.EXE
376 C:\WINDOWS\system32\BCMWLTRY.EXE
412 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
904 C:\Program Files\Alwil Software\Avast4\ashServ.exe
716 C:\WINDOWS\explorer.exe
1952 C:\Program Files\MImpPRO\MIProHst.exe
284 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
916 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
1108 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
1504 C:\Program Files\Softex\OmniPass\scureapp.exe
1764 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2252 C:\WINDOWS\system32\spoolsv.exe
3496 scardsvr.exe
3700 C:\WINDOWS\system32\CTSVCCDA.EXE
3752 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
4088 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
2312 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
204 C:\WINDOWS\system32\mfsyncsv.exe
2000 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
2748 C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
2984 C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
3060 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1032 C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
3904 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
3348 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
3488 C:\Program Files\TeamViewer\Version5\TeamViewer.exe
160 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
3176 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
3024 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
1392 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
4072 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
3472 C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
1804 alg.exe
3712 C:\WINDOWS\system32\wuauclt.exe
3544 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
2308 C:\WINDOWS\system32\wscntfy.exe
3792 C:\Documents and Settings\Pete\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS721080G9SA00, Rev: MC4OC10H

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 397480E03F82925B9B94EA2A54A75A78E81FD00F

Done!


----------



## jmw3 (Jul 23, 2007)

Hi

*Update Java Runtime*
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: *Java Runtime Environment Version 6 Update 21*.

Download the latest version of *Java Runtime Environment (JRE) 6* *Here*
Scroll down to where it says "*JDK 6 Update 21 (JDK or JRE)*" 
Click the orange *Download JRE* button to the right
Select the *Windows* platform from the dropdown menu
Read the License Agreement and then check the box that says: "_I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement_". Click on *Continue*. The page will refresh
Click on the link to download *Windows Offline Installation* & *save the file to your desktop*
Close any programs you may have running - especially your web browser
Go to *Start > Settings > Control Panel*, double-click on *Add/Remove Programs* & remove all older versions of Java
Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
Click the *Remove* or *Change/Remove* button.
Repeat as many times as necessary to remove each Java version
Reboot your computer once all Java components are removed
Then from your desktop double-click on *jre-6u21-windows-i586.exe* to install the newest version

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
On the General tab, under Temporary Internet Files, click the *Settings* button
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*
*Applications and Applets
Trace and Log Files*

Click OK on Delete Temporary Files Window
*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel

*Kaspersky Online Scan*
Do an online scan with *>Kaspersky Online Scanner<*

Read through the requirements and privacy statement and click on *Accept* button
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*
When the downloads have finished, click on *Settings*
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*
Once the scan is complete, it will display the results. Click on *View Scan Report*
You will see a list of infected items there. Click on *Save Report As...*
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button
Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.

To post in next reply:
Kaspersky Online Scan log
Update on how the computer is running


----------



## bart2brett (Jun 29, 2005)

OK I took care of the Java. The Kaspersky online failed.

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Scanning could not be started. [0x80004005]]

The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not take a free trial of Kaspersky Internet Security 2011, which has everything you need to keep your computer safe.


----------



## jmw3 (Jul 23, 2007)

The Kaspersky scanner is a good scanner, but appears to be hit & miss at the moment. Try this one:

*ESET Online Scanner*
Go *here* to run an online scanner from ESET.

*Note:* You will need to use *Internet Explorer* for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is unticked and the *Scan Archives* option is ticked
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked
Click *Scan*
Wait for the scan to finish
Use *notepad* to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


----------



## bart2brett (Jun 29, 2005)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1189c8e8d508e242aacc559ddd39d094
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-19 03:04:26
# local_time=2010-09-18 11:04:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 49785204 49785204 0 0
# compatibility_mode=769 16775141 100 98 0 220224771 0 0
# compatibility_mode=3073 16777213 80 92 0 919229 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105146
# found=13
# cleaned=0
# scan_time=7450
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\ChromePass.exe	Win32/PSWTool.ChromePass.A application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\netpass.exe	Win32/NetPass application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\PstPassword.exe	Win32/PSWTool.PstPassword.112 application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\VNCPassView.exe	Win32/PSWTool.VNCPassView.A application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\WirelessKeyView.exe	a variant of Win32/WirelessKeyView.A application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\PS2\ToxicDualLayerPatcher-v1.0\DLPatcher.exe	probably a variant of Win32/Agent.FDSUVWE trojan	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (pe 2ad\Sent items\342D2A86-000000AF.eml	a variant of Win32/HackTool.Patcher.A application	00000000000000000000000000000000	I
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL	Win32/Toolbar.AskSBar application	00000000000000000000000000000000	I
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL	Win32/Toolbar.AskSBar application	00000000000000000000000000000000	I
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL	Win32/Toolbar.MyWebSearch application	00000000000000000000000000000000	I
C:\Program Files\Ballance\Trainer.exe	probably a variant of Win32/Spy.Agent.LZWULWM trojan	00000000000000000000000000000000	I
C:\Program Files\Ballance\Bin\ballanceNOcd.exe	a variant of Win32/Tool.TPE.A application	00000000000000000000000000000000	I
C:\Program Files\Ballance\Crack\Trainer.exe	probably a variant of Win32/Spy.Agent.LZWULWM trojan	00000000000000000000000000000000	I
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1189c8e8d508e242aacc559ddd39d094
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-19 05:35:35
# local_time=2010-09-19 01:35:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 49844869 49844869 0 0
# compatibility_mode=769 16775141 100 98 0 220284436 0 0
# compatibility_mode=3073 16777213 80 92 0 978894 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=476
# found=0
# cleaned=0
# scan_time=54
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1189c8e8d508e242aacc559ddd39d094
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-19 08:29:30
# local_time=2010-09-19 04:29:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 49845058 49845058 0 0
# compatibility_mode=769 16775141 100 98 0 220284625 0 0
# compatibility_mode=3073 16777213 80 92 0 979083 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190201
# found=18
# cleaned=0
# scan_time=10300
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\ChromePass.exe	Win32/PSWTool.ChromePass.A application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\netpass.exe	Win32/NetPass application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\PstPassword.exe	Win32/PSWTool.PstPassword.112 application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\VNCPassView.exe	Win32/PSWTool.VNCPassView.A application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\passrec\WirelessKeyView.exe	a variant of Win32/WirelessKeyView.A application	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Desktop\desktop cleanup\PS2\ToxicDualLayerPatcher-v1.0\DLPatcher.exe	probably a variant of Win32/Agent.FDSUVWE trojan	00000000000000000000000000000000	I
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (pe 2ad\Sent items\342D2A86-000000AF.eml	a variant of Win32/HackTool.Patcher.A application	00000000000000000000000000000000	I
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL	Win32/Toolbar.AskSBar application	00000000000000000000000000000000	I
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL	Win32/Toolbar.AskSBar application	00000000000000000000000000000000	I
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL	Win32/Toolbar.MyWebSearch application	00000000000000000000000000000000	I
C:\Program Files\Ballance\Trainer.exe	probably a variant of Win32/Spy.Agent.LZWULWM trojan	00000000000000000000000000000000	I
C:\Program Files\Ballance\Bin\ballanceNOcd.exe	a variant of Win32/Tool.TPE.A application	00000000000000000000000000000000	I
C:\Program Files\Ballance\Crack\Trainer.exe	probably a variant of Win32/Spy.Agent.LZWULWM trojan	00000000000000000000000000000000	I
C:\Program Files\SRS Labs\Audio Sandbox\patch srs.exe	a variant of Win32/HackTool.Patcher.A application	00000000000000000000000000000000	I
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro_2.2.3_x64_patch.exe	Win32/HackTool.Patcher.A application	00000000000000000000000000000000	I
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro_2.2.3_x86_patch.exe	Win32/HackTool.Patcher.A application	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sstsCJlm.ini.vir	Win32/Adware.Virtumonde.NEO application	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sstsCJlm.ini2.vir	Win32/Adware.Virtumonde.NEO application	00000000000000000000000000000000	I


----------



## jmw3 (Jul 23, 2007)

*OTM*
Download *OTM* by OldTimer *Here* & save it to your desktop.

Double-click on *OTM.exe* to run it.
Copy & paste the contents of the Code box below into *Paste Instructions for Items to be Moved*.
*Note:* Do not type it out, to minimize the risk of typo errors.

```
:Files
C:\Program Files\AskTBar
C:\Program Files\Ballance
:Commands
[Purity]
[EmptyTemp]
[Reboot]
```

Click on *MoveIt!*
When done, click on *Exit*
*Note:* If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose *Yes*.
A log will be produced at *C:\_OTM\MovedFiles\date_time.log*, where *date_time* are numbers. Post this log in your next reply.

How's the computer running?


----------



## bart2brett (Jun 29, 2005)

All processes killed
========== FILES ==========
C:\Program Files\AskTBar\SrchAstt\1.bin folder moved successfully.
C:\Program Files\AskTBar\SrchAstt folder moved successfully.
C:\Program Files\AskTBar\bar\Settings folder moved successfully.
C:\Program Files\AskTBar\bar\History folder moved successfully.
C:\Program Files\AskTBar\bar\Cache folder moved successfully.
C:\Program Files\AskTBar\bar\1.bin folder moved successfully.
C:\Program Files\AskTBar\bar folder moved successfully.
C:\Program Files\AskTBar folder moved successfully.
C:\Program Files\Ballance\Textures\sky_low folder moved successfully.
C:\Program Files\Ballance\Textures\sky folder moved successfully.
C:\Program Files\Ballance\Textures folder moved successfully.
C:\Program Files\Ballance\Text folder moved successfully.
C:\Program Files\Ballance\Sounds_low folder moved successfully.
C:\Program Files\Ballance\Sounds folder moved successfully.
C:\Program Files\Ballance\Setup folder moved successfully.
C:\Program Files\Ballance\RenderEngines folder moved successfully.
C:\Program Files\Ballance\Plugins folder moved successfully.
C:\Program Files\Ballance\Managers folder moved successfully.
C:\Program Files\Ballance\help\help_images folder moved successfully.
C:\Program Files\Ballance\help folder moved successfully.
C:\Program Files\Ballance\Extras\DirectX folder moved successfully.
C:\Program Files\Ballance\Extras folder moved successfully.
C:\Program Files\Ballance\Crack folder moved successfully.
C:\Program Files\Ballance\BuildingBlocks folder moved successfully.
C:\Program Files\Ballance\Bin folder moved successfully.
C:\Program Files\Ballance\3D Entities\PH folder moved successfully.
C:\Program Files\Ballance\3D Entities\Level folder moved successfully.
C:\Program Files\Ballance\3D Entities folder moved successfully.
C:\Program Files\Ballance folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService

User: NetworkService

User: Pete
->Temp folder emptied: 134967835 bytes
->Temporary Internet Files folder emptied: 10052313 bytes
->Java cache emptied: 128101 bytes
->FireFox cache emptied: 96476153 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2580 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Windows Temp folder emptied: 10896857 bytes
RecycleBin emptied: 1387875847 bytes

Total Files Cleaned = 1,564.00 mb

OTM by OldTimer - Version 3.1.16.1 log created on 09192010_204738


----------



## bart2brett (Jun 29, 2005)

Laptop still gives me fits. It locks up and stops responding frequently.


----------



## jmw3 (Jul 23, 2007)

Hi

I can see nothing in the logs now to indicate malware. Hardware related maybe??

Could I see a new set of DDS logs & a new HijackThis log please?


----------



## bart2brett (Jun 29, 2005)

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Pete at 11:45:35.92 on Mon 09/20/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2388 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100920-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MImpPRO\MIProHst.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mfsyncsv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pete\Desktop\dds.com
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB983583-x86.exe
g:\4c64cbd62cf2bd637e246d34fb\HotFixInstaller.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MegaPanel] c:\program files\national consumer panel\ncp internet transporter\HSTrans.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2009-3-30 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2009-3-30 5248]
R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [2009-3-5 77304]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-12-29 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-12-29 15856]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-2 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 25240]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-12-29 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-2 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-9-29 13088]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-19 304464]
R2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [2009-3-5 127352]
R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-10-5 23344]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2009-11-21 202280]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2009-7-28 354176]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-8 185640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-7-6 1051968]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-2 352920]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-11-11 74624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-19 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-26 54432]
S2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;\??\c:\program files\bvrp connection manager\bvrpndis.sys --> c:\program files\bvrp connection manager\BVRPNDIS.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-4 133104]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 CBMR Scheduler;CBMR Scheduler;c:\program files\cristie\cbmr\_BSSVC.EXE [2006-10-31 36864]
S3 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\mediacoder\sysinfo.sys --> c:\program files\mediacoder\SysInfo.sys [?]
S3 DataMirror Transformation Server Access Server;DataMirror Transformation Server Access Server;c:\program files\datamirror\transformation server access control\bin\dmaccessserver.exe [2008-2-29 90112]
S3 DataMirror Transformation Server Integration Server;DataMirror Transformation Server Integration Server;c:\program files\datamirror\transformation server access control\bin\dmintegrationserver.exe [2008-2-29 90112]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-1-10 1527900]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-10-18 434176]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2009-10-18 27904]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2009-10-18 1190784]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2009-10-18 1187072]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [2010-5-19 571136]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2010-3-27 136352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-8 27064]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-21 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-7-24 11520]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
S4 TS EA Access Server;TS EA Access Server;c:\program files\datamirror\ts ea\dmservserv.exe [2006-1-27 57344]
S4 TS EA Integration Server;TS EA Integration Server;c:\program files\datamirror\ts ea\dmis.exe [2006-1-27 49152]

=============== Created Last 30 ================

2010-09-19 20:47 --d-----	C:\_OTM
2010-09-19 20:39	72,520	a-------	c:\windows\system32\drivers\ftser2k.sys
2010-09-19 20:39	206,144	a-------	c:\windows\system32\ftd2xx.dll
2010-09-19 20:39	120,136	a-------	c:\windows\system32\ftbusui.dll
2010-09-19 20:39	57,672	a-------	c:\windows\system32\drivers\ftdibus.sys
2010-09-19 20:38 --d-----	c:\program files\National Consumer Panel
2010-09-18 20:49 --d-----	c:\program files\ESET
2010-09-17 21:36 --d-----	c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-09-17 20:00	73,728	a-------	c:\windows\system32\javacpl.cpl
2010-09-17 19:34	0	a-------	c:\windows\system32\REN50.tmp
2010-09-17 19:34	0	a-------	c:\windows\system32\REN4F.tmp
2010-09-17 19:34	0	a-------	c:\windows\system32\REN4E.tmp
2010-09-17 14:07 --d-----	c:\program files\Siber Systems
2010-09-16 12:19	256,512	a-------	c:\windows\PEV.exe
2010-09-16 12:19	77,312	a-------	c:\windows\MBR.exe
2010-09-15 20:41 --d-----	c:\docume~1\pete\applic~1\RoboForm
2010-09-15 18:35	1,374	a-------	c:\windows\imsins.BAK
2010-09-15 10:18 --d-----	C:\VritualRoot
2010-09-15 10:05 --d-----	c:\program files\COMODO
2010-09-15 10:01 --d-----	c:\docume~1\alluse~1\applic~1\Comodo
2010-09-15 09:14 --d-----	c:\program files\DropMyRights
2010-09-15 07:41	280,692	a-------	c:\windows\sketch.jpg
2010-09-10 23:41	285,480	a-------	c:\windows\system32\guard32.dll
2010-09-10 23:40	239,240	a-------	c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 23:40	25,240	a-------	c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 23:40	15,592	a-------	c:\windows\system32\drivers\cmderd.sys

==================== Find3M ====================

2010-09-17 19:59	423,656	a-------	c:\windows\system32\deployJava1.dll
2010-08-17 09:17	58,880	a-------	c:\windows\system32\spoolsv.exe
2010-07-22 11:49	590,848	a-------	c:\windows\system32\rpcrt4.dll
2010-07-22 01:57	5,120	a-------	c:\windows\system32\xpsp4res.dll
2010-07-11 20:21	2,286,080	a-------	c:\windows\system32\TUKernel.exe
2010-07-06 07:57	30,528	a-------	c:\windows\system32\TURegOpt.exe
2010-07-06 07:52	30,016	a-------	c:\windows\system32\uxtuneup.dll
2010-06-30 08:31	149,504	a-------	c:\windows\system32\schannel.dll
2010-06-23 09:44	1,851,904	a-------	c:\windows\system32\win32k.sys
2010-05-21 21:13	256	a-------	c:\documents and settings\pete\pool.bin
2010-04-26 20:39	49,152	a--sh---	c:\program files\Thumbs.db
2010-01-06 21:35	94,208	a-------	c:\docume~1\pete\applic~1\ezplay.sys
2009-09-24 23:07	352,256	a-------	c:\program files\USBExtreme.exe
2009-07-23 14:49	72,569,774	a-------	c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08	13,227,453	-c------	c:\program files\PROCESSLIST.DB
2009-02-03 18:08	1,118,656	-c------	c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47	47,360	-c------	c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44	81,920	a-------	c:\program files\sherlock.exe
2008-11-09 20:07	6,106,480	a-------	c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30	39,060	a-------	c:\program files\Buffering2.jpg
2007-03-04 14:30	39,047	a-------	c:\program files\Buffering5.jpg
2007-03-04 14:30	39,040	a-------	c:\program files\Buffering1.jpg
2007-03-04 14:30	39,038	a-------	c:\program files\Buffering6.jpg
2007-03-04 14:30	39,035	a-------	c:\program files\Buffering4.jpg
2007-03-04 14:30	39,033	a-------	c:\program files\Buffering3.jpg
2007-03-04 14:30	39,020	a-------	c:\program files\Buffering7.jpg
2006-03-23 15:17	114,688	--------	c:\program files\igfxzoom.exe
2004-05-24 23:05	536,631	--------	c:\program files\procexp.exe
2003-04-29 05:33	1,328,198	--------	c:\program files\TuMeDrum.exe
2000-11-12 16:48	220,160	--------	c:\program files\acpu.exe
2010-06-13 15:54	2	a--shrot	c:\windows\winstart.bat
2006-05-03 06:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 07:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 09:30	216,064	---shr--	c:\windows\system32\nbDX.dll
2009-02-08 00:57	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25	32,768	-c-sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 11:47:54.56 ===============


----------



## bart2brett (Jun 29, 2005)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2008 8:19:05 PM
System Uptime: 9/20/2010 11:35:30 AM (0 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1664/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 12.465 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 699 GiB total, 473.048 GiB free.
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP38: 9/17/2010 12:39:35 PM - Software Distribution Service 3.0
RP39: 9/17/2010 2:02:10 PM - Revo Uninstaller Pro's restore point - AI RoboForm (All Users)
RP40: 9/17/2010 7:34:06 PM - Revo Uninstaller Pro's restore point - Java(TM) 6 Update 20
RP41: 9/17/2010 7:34:41 PM - Removed Java(TM) 6 Update 20
RP42: 9/17/2010 7:59:40 PM - Installed Java(TM) 6 Update 21
RP43: 9/19/2010 8:29:22 PM - Software Distribution Service 3.0
RP44: 9/19/2010 8:38:56 PM - Installed NCP Internet Transporter
RP45: 9/19/2010 9:36:23 PM - Software Distribution Service 3.0
RP46: 9/20/2010 11:45:21 AM - Software Distribution Service 3.0

==== Installed Programs ======================

5.0
Aaron's WebVacuum 2
Absolute Fretboard Trainer PRO
Absolute MP3 Splitter version 2.8.7
ACDSee Pro 3
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Alchemy Deluxe
ALi USB2.0 Driver
Allstate Home Inventory 3.08
Amazing Adventures: The Lost Tomb
Amazon MP3 Downloader 1.0.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AstroPop Deluxe
Atari: The 80 Classic Games
Atmosphere Deluxe v7.0
Atomica Deluxe
AudibleManager
avast! Antivirus
Avi2Dvd 0.5
Avidemux 2.4
AviSynth 2.5
Bejeweled 2 Deluxe 1.1
Bejeweled Deluxe
Bejeweled Twist 1.0.3.7482
Beyond Compare Version 2.5.3
Big Kahuna Reef
Big Money Deluxe
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlindWrite 6
Bonjour
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
Canopus Codec Option
CBMR 5.0.1
Chuzzle Deluxe
CinemaNow Media Manager
Cisco Network Magic
ClocX (1.5b2)
Collectorz.com Movie Collector
Combined Community Codec Pack 2007-07-22
COMODO Internet Security
ConvertXtoDVD 3.3.2.100
Cool MP3 Splitter 2.2
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - VSTA
Coupon Printer for Windows
Creative Element Power Tools
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
D'Accord Guitar Chord Dictionary 3.0
D-Link DWA-652 Xtreme N Notebook Adapter
DataMirror Enterprise Administrator
DataMirror Transformation Server Access Control
DataMirror Transformation Server Management Console
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash 2
DirectX 9 Runtime
Disk Investigator 1.4
DivX Codec
DropMyRights
Duplicate File Remover
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVD to iPod Converter 4
DVDFab 6.0.6.0 (04/09/2009)
dvdSanta 4.50
Dynomite Deluxe
EA SPORTS online 2006
Easy File & Folder Protector v4.2
Easy WiFi Radar PRO 1.0.0
ebgcInfra
ebgcRes
ebgcSDK
emlOpenView 1.6
ESET Online Scanner v3
eWallet 6.1 for BlackBerry
EZ Guitar Tabs
Family Feud
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Fences
ffdshow [rev 2583] [2009-01-05]
FileZilla Client 3.2.7.1
Finale NotePad 2004
Firebird SQL Server - MAGIX Edition
FLV Converter 2.5
Folder Marker Home v 3.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
FranklinCovey PlanPlus for Windows
Garmin City Navigator North America NT 2010.10 Update
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2010.40
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GCH Guitar academy
Giganews Accelerator
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GSM 1.1.4.2
GST 2.3.8.4
Guitar Chord Buster Pro 4.4.0
Guitar FX BOX 2.6
Guitar Pro 5.2
GuitarCourses.ws Fretboard Trainer 1.0
Haali Media Splitter
Hammer Heads Deluxe
Hauppauge WinTV 7
Heavy Weapon Deluxe
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB954550-v5)
Hoyle Card Games 2010 (remove only)
HP OfficeJet/PSC Scrubber
IBM iSeries Access for Windows
Iggle Pop Deluxe
ImagXpress
Inpaint
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
InterCall Web Meeting
Internet Transporter - NCP Link
Inzomia Viewer 3.11
IrfanView (remove only)
ISO Recorder
IsoBuster 2.5.5
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Kate's Video Converter
LekuSoft Blu ray Ripper 5.50
LightZone 3.7
Line 6 Edit (remove only)
Line 6 Uninstaller
Logitech MouseWare 9.79 
Madden NFL 06
Magic Match
MAGIX Music Maker 15 Premium Download version 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Mahjong Escape: Ancient Japan
Malwarebytes' Anti-Malware
MediaSPace
MessageViewer Pro 3.1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese TTS 5.1
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
MirrorFolder 4.1.194.18 (Retail)
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.10)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Mummy Maze Deluxe
MusicLab RealGuitar 2.0
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
n-Track Studio 6
NCP Internet Transporter
Nero 7 Ultra Edition
Nero ControlCenter
neroxml
Network Magic
Nevo Audio Splitter 2.1
NewsLeecher v3.9 Final
NingPo MahJong Deluxe
Noah's Ark Deluxe
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OmniPass 7.00.08
Opera 9.64
OZ776 SCR Driver V1.1.4.204
Pacific Fighters
PartitionMagic
Pcsx2 0.9.6
Peggle Deluxe
PerfectDisk 10 Professional
PFConfig 1.0.278
PFPortChecker 1.0.32
Photo DVD Maker Professional 8.08
Photo Stamp Remover 2.0
PictureToTV 1.20
Pinnacle Studio LINX
Pixelus Deluxe
PizzaFrenzy
Platypus
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerDVD
PowerDVD Ultra
PowerQuest PartitionMagic 8.0
Privacy Eraser Pro
Process Lasso
ProCoder 3
Product Key Explorer 2.4.3
Pure Networks Platform
QBeez 2
QFolder
QuickTime
Radioshack USB-to-Serial cable
RealPlayer
RealUpgrade 1.0
Replay Media Catcher 3.02
ResumeMaker Ultimate
Revo Uninstaller Pro 2.2.3
Road Runner Install
Road Runner Medic 6.1
Robot/CONSOLE 5
Robot/NETWORK 10
Robot/SCHEDULE 10
Rocket Mania Deluxe
Rollcage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Content
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio PhotoShow
Roxio Venue
Roxio Video Capture USB
RSA SecurID Software Token
Sandlot Games Client Services 1.2.2
SAPI Wrapper
Satellite TV PC Master v6.0
Save Flash 4.1
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setup
Seven Seas Deluxe
SharePort Network USB Utility
SigmaTel Audio
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
SnagIt 8
Sony Media Manager for PSP 3.0
Sony Noise Reduction Plug-In 2.0h
SopCast 3.0.3
SpeakText v20090219
Speed Meter Pro
Spotmau 5.1.2.6407
SRS Audio Sandbox
Studio 8
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Super Collapse 3
Super Internet TV v8.0 (Premium Edition)
System Explorer 1.5
Talismania Deluxe
TeamViewer 5
Text-To-Speech-Runtime
The KMPlayer (remove only)
TipTop Deluxe
Tradewinds Legends
TTS Wrapper
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Turbo Tax Audit Support Center 2.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TVUPlayer 2.4.9.1
TWC Customer Controls
Typer Shark Deluxe
U3Launcher
Ubee USB RNDIS and NDIS Driver 
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Veetle TV 0.9.16
Venice Deluxe
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.4
VPN Client
VZAccess Manager
Water Bugs
WD SmartWare
WebArchivesViewer
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
WinX HD Video Converter Deluxe 3.7
WM Recorder 12.1
Word Harmony Deluxe
Xilisoft Video Converter Ultimate 6
Xilisoft Video Cutter
Xvid 1.2.1 final uninstall
Zinio Reader
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

9/20/2010 11:38:44 AM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
9/17/2010 7:53:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/17/2010 7:48:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/17/2010 2:35:44 PM, error: Print [6161] - The document 2725 Kingdom Rd, Waterloo, ... owned by Pete failed to print on printer hp psc 2200 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 1492220. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 5 (0x5). 
9/17/2010 2:26:01 PM, error: Print [6161] - The document Brick Schoolhouse Rd, Hilto... owned by Pete failed to print on printer hp psc 2200 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 10880408. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 5 (0x5). 
9/17/2010 2:23:06 PM, error: Print [6161] - The document 2725 Kingdom Rd, Waterloo, ... owned by Pete failed to print on printer hp psc 2200 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 16425692. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 5 (0x5). 
9/15/2010 8:13:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583).
9/15/2010 7:36:20 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2291599).
9/15/2010 6:52:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for the 2007 Microsoft Office System (KB2277947).
9/15/2010 6:06:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office Outlook 2007 (KB2288953).
9/15/2010 6:01:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office Word 2007 (KB2251419).
9/15/2010 6:01:05 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for <null> with the following error: Access is denied.
9/15/2010 6:01:05 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: Access is denied.
9/15/2010 6:01:04 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/15/2010 5:52:00 PM, error: guardian2 [0] - 
9/15/2010 5:51:54 PM, error: SCardSvr [610] - Smart Card Reader 'O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The device has been removed.
9/15/2010 11:25:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/15/2010 11:24:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/15/2010 11:24:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD Aspi32 aswSP aswTdi cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vmm
9/15/2010 11:24:10 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 11:24:10 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 11:24:10 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 11:24:10 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 11:24:10 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 11:24:10 AM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 10:58:13 AM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:13 AM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:13 AM, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The TeamViewer 5 service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (medicsp2) service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The RDI Document Conversion Helper service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The PDAgent service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The O2Micro Flash Memory Card Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The MirrorFolder Auto-synchronization Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:12 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:11 AM, error: Service Control Manager [7034] - The Softex OmniPass Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:58:11 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 10:21:21 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.
9/15/2010 10:20:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Atheros Configuration Service service to connect.
9/14/2010 11:38:02 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
9/14/2010 11:34:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/14/2010 11:33:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL vmm
9/14/2010 11:33:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
9/14/2010 11:33:03 PM, error: Service Control Manager [7000] - The BVRPNDIS Protocol Driver U/I service failed to start due to the following error: The system cannot find the path specified.
9/14/2010 11:33:03 PM, error: Service Control Manager [7000] - The bsaspi32 service failed to start due to the following error: The system cannot find the file specified.
9/14/2010 11:30:04 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
9/14/2010 11:30:04 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/14/2010 11:30:04 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


----------



## bart2brett (Jun 29, 2005)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:48 AM, on 9/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MImpPRO\MIProHst.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mfsyncsv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=...il.live.com/default.aspx?n=808798880&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [MImpPro] C:\Program Files\MImpPRO\MIProHst.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open in Web Archives Viewer - C:\Program Files\WebArchivesViewer\IEContext.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1227406791671
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257564424453
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} (AIRJ01FPlayer.Player) - http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53}: NameServer = 10.9.60.1
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Fences\FencesMenu.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBMR Scheduler - Unknown owner - C:\Program Files\Cristie\CBMR\_BSSVC.EXE
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DataMirror Transformation Server Access Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe
O23 - Service: DataMirror Transformation Server Integration Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MirrorFolder Auto-synchronization Service (mfsyncsv) - Techsoft - C:\WINDOWS\system32\mfsyncsv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 17736 bytes


----------



## jmw3 (Jul 23, 2007)

Hi

Those logs are clean, so the problems you're experiencing are not malware related.

It's possible there are still some conflicts between your Anti-virus programs & Anti-spyware programs. I notice you have both Malwarebytes Anti-Malware & SUPERAntiSpyware running. Are they both the licenced versions running with real-time protection enabled? If that is the case, then only *one* should be running with real-time protection.

I do however notice an error in your Attach log that makes me think the problems could also be hardware related:
*9/14/2010 11:30:04 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.*
You could run *chkdsk /r* by typing that into the *Run* box & clicking OK. It may or may not make a difference.

*Clean Up* 
*Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.*
*Remove ComboFix*
The following will implement some cleanup procedures as well as reset System Restore points:
Click *Start > Run* then copy/paste the following bolded text into the Run box and click OK:
*ComboFix /Uninstall*

Double-click *OTM* 
Click the *CleanUp!* button 
Select *Yes* when the *Begin cleanup Process?* prompt appears 
If you are prompted to Reboot during the cleanup, select *Yes* 
The tool will delete itself once it finishes; if not, delete it yourself
You can delete the following from your desktop:
*DDS.scr
The Gmer.exe file (it will be a randomly named .exe file)
Any logs that may have been saved to your desktop*
You can remove the Kaspersky & Eset Online Scanners. This can be done via *Add or Remove Programs*
You should also remove *HijackThis*. This can be done via *Add or Remove Programs*


----------
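An added example, not part of either poster's message: a short Python parser that pulls the O4 Run entries and O23 service entries out of a HijackThis log and lists which security products are set to start automatically, the overlap the reply above asks about. The watch-list and the function names are assumptions made for this example; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"""

# Assumed watch-list for this example (not part of HijackThis):
# lowercase substring -> product name to report.
WATCHLIST = {
    "avast": "avast!",
    "malwarebytes": "Malwarebytes' Anti-Malware",
    "mbam": "Malwarebytes' Anti-Malware",
    "superantispyware": "SUPERAntiSpyware",
    "comodo": "COMODO Internet Security",
}

# O4 - <hive>\..\<key>: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
SERVICE_PREFIX = "O23 - Service: "


def autostart_entries(log):
    """Yield (section, label, target) for O4 Run values and O23 services."""
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            yield "O4", m.group(3), m.group(4)
        elif line.startswith(SERVICE_PREFIX):
            # Layout is "<display name> - <vendor> - <path>". Display names can
            # contain " - " themselves, so split from the right-hand side.
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                yield "O23", parts[0], parts[2]


def resident_security_products(log, watchlist=WATCHLIST):
    """Map each watched product to the log sections where it autostarts."""
    found = defaultdict(set)
    for section, label, target in autostart_entries(log):
        haystack = (label + " " + target).lower()
        for needle, product in watchlist.items():
            if needle in haystack:
                found[product].add(section)
    return {product: sorted(sections) for product, sections in found.items()}


if __name__ == "__main__":
    for product, sections in sorted(resident_security_products(SAMPLE_LOG).items()):
        print(product, "->", ", ".join(sections))
```

The log records only that a program starts automatically, not its licence or real-time-protection state, so the result is a list of products to check by hand.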



## bart2brett (Jun 29, 2005)

Thanks for all your help. It's been a pleasure.


----------



## jmw3 (Jul 23, 2007)

No problem at all... Glad I could help in some way. 

At this point I usually recommend a number of Security features to make your PC more secure, but I think in this instance it would only bog the machine down.

If you still have problems, it may be worth checking out a couple of the other forums here for some advice on some of the issues you're having. Personally I'm leaning toward hardware issues, but then my thing is malware removal...

Anyway, Good Luck & Surf Safe


----------

