TechSpot

Email sending spam to contacts

By stroslose
Jan 31, 2011
  1. Thank you for taking the time to investigate. My Hotmail email account is sending spam email to all of my contacts. I have changed the password. I was wondering if there still appears to be malware or some sort of virus on my computer. I have posted the requested logs from the 8-step process. AVG runs clean.

    Here are the logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5648

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/31/2011 11:58:34 AM
    mbam-log-2011-01-31 (11-58-34).txt

    Scan type: Quick scan
    Objects scanned: 167584
    Time elapsed: 3 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ====================================================
    GMER log found nothing

    ====================================================
    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Breitzig Family at 14:04:32.01 on Mon 01/31/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6058 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Norton Security Suite\AddOns\Norton AddOn Pack\Engine\4.7.0.10\ccProxy.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Breitzig Family\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    uWindow Title = Windows Internet Explorer provided by Comcast
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: TBSB05974: {fcbccb87-9224-4b8d-b117-f56d924beb18} - TBSB05974 Class
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} -
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRunOnce-x64: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\BREITZ~1\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - component: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - C:\Program Files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Breitzig Family\AppData\Roaming\Move Networks

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: google.toolbar.linkdoctor.enabled - false

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-1-20 69152]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-10-26 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-10-26 221232]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-19 953904]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-10-26 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSviA64.sys [2011-1-28 476792]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-10-26 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-10-26 451120]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42:36];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-11-7 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-5 203264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-5-12 192512]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1402272]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-20 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-5 988216]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-5 399416]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-5-7 1403208]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-8 7767552]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-8 279040]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-8 132656]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17440]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-11-21 21480]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-25 25832]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-10 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-18 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2011-01-31 16:31:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-01-30 13:30:13 -------- d-----w- C:\VundoFix Backups
    2011-01-30 03:24:08 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\AVG
    2011-01-30 01:19:50 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\AVG10
    2011-01-30 01:18:24 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-01-30 01:17:02 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-01-30 01:17:02 -------- d-----w- C:\PROGRA~3\AVG10
    2011-01-30 01:15:38 -------- d-----w- C:\Program Files (x86)\AVG
    2011-01-28 20:23:49 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{44B0AD94-59A0-420A-A6BE-0B613342E49D}\mpengine.dll
    2011-01-28 02:32:57 -------- d-----w- C:\Program Files\iTunes
    2011-01-28 02:32:57 -------- d-----w- C:\Program Files\iPod
    2011-01-28 02:32:57 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-01-20 21:20:53 15880 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-01-20 20:56:33 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-01-20 20:56:30 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-01-20 20:49:23 -------- d-----w- C:\Users\BREITZ~1\AppData\Local\Sunbelt Software
    2011-01-20 20:39:23 -------- dc-h--w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-20 20:39:17 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-01-20 20:07:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-01-20 20:07:15 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2011-01-20 19:42:38 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\QuickScan
    2011-01-19 22:00:49 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2011-01-19 19:43:05 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\SanDisk
    2011-01-18 21:08:49 -------- d--h--w- C:\Windows\AxInstSV
    2011-01-17 21:05:39 -------- d-----w- C:\Users\BREITZ~1\AppData\Local\Amazon
    2011-01-13 16:26:52 -------- d-----w- C:\PROGRA~3\!SASCORE
    2011-01-11 00:49:35 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\Registry Mechanic
    2011-01-08 13:34:04 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-01-08 13:33:52 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-01-08 13:33:48 151776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-01-08 13:33:31 100352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-01-08 13:18:42 -------- d-----w- C:\Users\BREITZ~1\AppData\Local\Secunia PSI
    2011-01-08 13:18:33 -------- d-----w- C:\Program Files (x86)\Secunia

    ==================== Find3M ====================

    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-08 09:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2010-12-01 14:42:47 724992 ----a-w- C:\Windows\iun6002.exe
    2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-29 11:31:18 1579520 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2010-11-12 23:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-12 18:19:38 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    ============= FINISH: 14:05:23.10 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/5/2009 10:14:44 PM
    System Uptime: 1/31/2011 1:40:45 PM (1 hours ago)

    Motherboard: PEGATRON CORPORATION | | VIOLET3
    Processor: AMD Phenom(tm) II X4 910 Processor | CPU 1 | 2600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 918 GiB total, 506.659 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.66 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP282: 12/10/2010 6:39:02 AM - Windows Update
    RP283: 12/10/2010 7:38:10 PM - Windows Update
    RP284: 12/13/2010 10:10:32 PM - HPSF Restore Point
    RP285: 12/14/2010 6:45:50 AM - Windows Update
    RP286: 12/14/2010 8:14:17 AM - Installed QuickTime
    RP287: 12/15/2010 10:28:54 PM - Windows Update
    RP288: 12/17/2010 6:22:26 AM - Windows Update
    RP289: 12/19/2010 6:19:37 PM - HPSF Applying updates
    RP290: 12/19/2010 6:24:52 PM - Installed HP Support Assistant
    RP291: 12/19/2010 6:29:20 PM - Windows Modules Installer
    RP292: 12/19/2010 6:30:28 PM - Windows Modules Installer
    RP293: 12/20/2010 11:46:06 PM - Windows Update
    RP294: 12/21/2010 6:44:07 AM - Windows Update
    RP295: 12/23/2010 5:09:57 PM - Windows Update
    RP296: 12/25/2010 1:08:10 PM - Windows Update
    RP297: 12/26/2010 12:24:06 PM - Windows Backup
    RP298: 12/28/2010 6:30:18 AM - Windows Update
    RP299: 12/30/2010 6:57:07 AM - Windows Update
    RP300: 12/31/2010 6:44:10 AM - Windows Update
    RP301: 1/2/2011 7:02:54 PM - Windows Backup
    RP302: 1/3/2011 2:16:30 PM - Installed Java(TM) 6 Update 23
    RP303: 1/4/2011 7:31:39 AM - Windows Update
    RP304: 1/7/2011 7:28:26 AM - Windows Update
    RP305: 1/9/2011 7:00:29 PM - Windows Backup
    RP306: 1/11/2011 6:34:58 AM - Windows Update
    RP307: 1/12/2011 8:48:02 PM - Windows Update
    RP308: 1/14/2011 6:49:36 AM - Windows Update
    RP309: 1/18/2011 9:14:44 AM - Windows Update
    RP310: 1/18/2011 4:11:58 PM - Windows Update
    RP311: 1/21/2011 6:43:41 AM - Windows Update
    RP312: 1/27/2011 5:19:42 PM - Windows Update
    RP313: 1/28/2011 3:19:58 PM - Windows Update
    RP314: 1/29/2011 8:14:38 PM - Installed AVG 2011
    RP315: 1/29/2011 8:15:57 PM - Installed AVG 2011
    RP316: 1/30/2011 7:00:44 PM - Windows Backup

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Ad-Aware
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.4.1 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Creative Suite 4 Deployment Toolkit
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader X
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Amazon Kindle For PC
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Software Update
    Ashampoo Burning Studio 9.12
    Baseball Mogul 2011
    Bejeweled 2 Deluxe
    Brother MFL-Pro Suite
    Camtasia Studio 6
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC 8
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities MyCamera
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    ChemLab
    Cisco Network Magic
    Comcast High-Speed Internet Install Wizard
    Company of Heroes Online Launcher (THQ)
    Compatibility Pack for the 2007 Office system
    Connect
    CyberLink DVD Suite Deluxe
    D3DX10
    DAZ|Studio 1.4.16.0
    Default Manager
    Desktop Doctor
    DirectX for Managed Code Update (Summer 2004)
    Dragon Age: Origins
    dvdSanta 4.50
    Enhanced Multimedia Keyboard Solution
    erLT
    ExtractNow
    Facebook Plug-In
    Family Tree Maker 2009
    FileHippo.com Update Checker
    Google Earth
    Google Update Helper
    GPL Ghostscript 8.63
    Graphical Analysis 3.2 Minimal
    HijackThis 2.0.2
    Hoyle Casino 2010 (remove only)
    Hoyle Puzzle & Board Games 2010 (remove only)
    HP Advisor
    HP Customer Experience Enhancements
    HP Easy Backup
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Remote Solution
    HP Support Assistant
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    HydraVision
    iSEEK AnswerWorks English Runtime
    IZArc 4.1.2
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    Kings Bounty Armored Princess
    kuler
    LabelPrint
    LameACM
    LEGO Digital Designer
    LightScribe System Software
    Major League Baseball 2K9
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    Microsoft WSE 3.0
    Move Media Player
    MozBackup 1.4.9
    Mozilla Firefox (3.6.13)
    MP3+G Toolz
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Network Magic
    No Trace 2.15
    Norton AddOn Pack
    Norton Security Suite
    NVIDIA PhysX
    Oblivion
    Pando Media Booster
    PC Wizard 2010.1.96
    PCSX2 - Playstation 2 Emulator
    Photoshop Camera Raw
    PictureMover
    Power2Go
    PowerDirector
    PowerISO
    Pure Networks Platform
    Python 2.6.1
    QuickBooks Pro 2007
    Quicken WillMaker Plus 2009
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon 2: Time Twister
    RollerCoaster Tycoon 2: Wacky Worlds
    Rosetta Stone V3
    Runtime
    Secunia PSI (2.0.0.2001)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SolSuite 2009 v9.5
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE™
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    StarCraft II Beta
    Suite Shared Configuration CS4
    SupportSoft Assisted Service
    Timez Attack
    Total Video Converter 3.71 100812
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    TurboTax 2009
    TurboTax 2009 wflcbpm
    TurboTax 2009 wfliper
    TurboTax 2009 WinBizFedFormset
    TurboTax 2009 WinBizReleaseEngine
    TurboTax 2009 WinBizTaxSupport
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax Business 2009
    UltraISO Premium V9.36
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2483110)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2008 x64 Redistributables
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPatrol
    Works Upgrade
    World of Warcraft
    Yahoo! BrowserPlus 2.9.8

    ==== Event Viewer Messages From Past Week ========

    1/31/2011 7:08:01 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
    1/31/2011 10:04:18 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    1/31/2011 1:55:36 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    1/31/2011 1:51:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS sptd
    1/31/2011 1:51:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    1/31/2011 1:51:19 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/31/2011 1:40:46 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    1/31/2011 1:38:29 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/30/2011 7:44:49 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 7:44:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/30/2011 7:44:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/30/2011 7:44:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/30/2011 7:44:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/30/2011 7:44:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/30/2011 7:44:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AFS Avgldx64 Avgmfx64 Avgtdia BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd SRTSP SRTSPX SymIM SymIRON SYMTDIv Tcpip tdx vwififlt Wanarpv6 WfpLwf
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/27/2011 9:32:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    1/27/2011 9:31:17 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/27/2011 9:31:01 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================


    Thank you!
    Scott
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome back, Scott! I see Broni did a good job of cleaning the system up a few months ago.

    About web-based email, in your case Hotmail: you can't have email filters in place like you can with a client-based email program such as Outlook Express. So you are at the mercy of whatever filters the ISP may or may not have in place. I see a lot of complaints about Hotmail being hacked.

    What you need to understand is that someone else who has your email address in their contacts could be the culprit: a mass-mailing Worm that sends the spam to everyone in their contacts! But we will check your system and make sure it's clean first.
    ===============================================
    I notice that you have multiple antivirus programs running. You should decide which you want to keep and remove the others for the following reasons:
    • Multiple antivirus programs and/or firewalls can cause conflicts that may leave the system more vulnerable.
    • Multiple antivirus and firewalls can also slow down the system.
    So the first thing you need to do is decide which to keep and remove the others:
    Tools to help> download only the removal for the programs you aren't going to keep: Please reboot the computer when finished.
    ========================================
    While I finish reviewing these logs, please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename Combofix unless instructed.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If Combofix asks you to install Recovery Console, please allow it.
    6. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I notice that you have both AdAware AdWatch and Spybot Tea Timer running. Both of these run in Real Time and there is much overlap in what they do. To avoid a conflict that could make the system more vulnerable, I suggest you disable one of them.

    I'd like you to run the following also:

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    Having a lot of programs that do the same thing isn't as good as having layered security.
    ==============================================
    After I check for malware, I will be suggesting you remove some of the programs and apps from the Startup menu. This will not uninstall the programs. I see many processes that don't need to start on boot and run in the background.
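    The two posts above make the same point twice: several antivirus products (Ad-Watch, Norton, AVG) and two real-time antispyware tools (Ad-Watch and Spybot Tea Timer) are registered on the machine at once. The PowerShell below is an added example, not code from this thread or from any of the tools it mentions. It lists the products Windows Security Center knows about, which is the same kind of information the AV:/SP:/FW: header lines in the DDS and ComboFix logs summarise, and warns when more than one product of the same kind reports real-time protection as enabled. It assumes Windows 7 or later (the root\SecurityCenter2 namespace) and that productState follows the commonly documented bit layout; that layout is an assumption, not an official contract.

```powershell
# Added example: enumerate Security Center products and flag overlapping real-time scanners.
# Assumptions: root\SecurityCenter2 exists (Windows 7+); productState bit layout as commented below.

function Get-SecurityCenterProducts {
    $classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'
    foreach ($class in $classes) {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            $state = [int]$p.productState
            New-Object PSObject -Property @{
                Kind     = $class
                Product  = $p.displayName
                # Third nibble from the right equal to 1 (0x1000) = real-time protection on (assumed layout)
                Enabled  = (($state -band 0xF000) -eq 0x1000)
                # Second nibble from the right equal to 0 = definitions up to date (assumed layout)
                UpToDate = (($state -band 0x00F0) -eq 0x0000)
                State    = ('0x{0:X6}' -f $state)
            }
        }
    }
}

$products = Get-SecurityCenterProducts
$products | Sort-Object Kind, Product | Format-Table Kind, Product, Enabled, UpToDate, State -AutoSize

# The situation the helper warns about: more than one product of the same kind with real-time protection on.
$products |
    Where-Object { $_.Enabled } |
    Group-Object Kind |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Product }) -join ', '
        Write-Warning ("{0} enabled {1} entries: {2}" -f $_.Count, $_.Name, $names)
    }
```

    Reading this namespace normally needs no elevation, so it can be run from an ordinary PowerShell prompt. A product that shows Enabled = False here may still have its service and drivers installed, so disabling overlap in the product's own settings is not the same as removing it; that is why the helper asks for the vendor removal tools rather than just toggling real-time protection off.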
     
  4. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Thank you Bobbye! Which AV program is recommended? Norton or AVG. I get Norton free through Comcast and have the free version of AVG.
     
  5. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Eset scan log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=0f4bd93be59df9469d662c3a37ce13f9
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-31 10:36:16
    # local_time=2011-01-31 05:36:16 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1032 16777214 0 1 0 0 0 0
    # compatibility_mode=3589 16777213 80 82 4396004 59785182 0 0
    # compatibility_mode=5893 16776574 100 94 0 48050337 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=383463
    # found=0
    # cleaned=0
    # scan_time=6489
     
  6. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    ComboFix Log:

    ComboFix 11-01-31.01 - Breitzig Family 01/31/2011 18:03:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.5894 [GMT -5:00]
    Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\basis.xml
    c:\program files (x86)\Search Toolbar\bg.bmp
    c:\program files (x86)\Search Toolbar\bing_logo.png
    c:\program files (x86)\Search Toolbar\celebrity.png
    c:\program files (x86)\Search Toolbar\drop_images.png
    c:\program files (x86)\Search Toolbar\drop_maps.png
    c:\program files (x86)\Search Toolbar\drop_news.png
    c:\program files (x86)\Search Toolbar\drop_videos.png
    c:\program files (x86)\Search Toolbar\drop_web.png
    c:\program files (x86)\Search Toolbar\facebook.png
    c:\program files (x86)\Search Toolbar\favicon.png
    c:\program files (x86)\Search Toolbar\games.png
    c:\program files (x86)\Search Toolbar\hotmail.png
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\images.png
    c:\program files (x86)\Search Toolbar\include.xml
    c:\program files (x86)\Search Toolbar\info.txt
    c:\program files (x86)\Search Toolbar\lifestyle.png
    c:\program files (x86)\Search Toolbar\maps.png
    c:\program files (x86)\Search Toolbar\messenger.png
    c:\program files (x86)\Search Toolbar\msn.png
    c:\program files (x86)\Search Toolbar\news.png
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\twitter.png
    c:\program files (x86)\Search Toolbar\uninstall.exe
    c:\program files (x86)\Search Toolbar\update.exe
    c:\program files (x86)\Search Toolbar\version.txt
    c:\program files (x86)\Search Toolbar\video.png
    c:\program files (x86)\Search Toolbar\videos.png
    c:\program files (x86)\Search Toolbar\weather.png
    c:\program files (x86)\Search Toolbar\web.png

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
    .

    2011-01-31 23:09 . 2011-01-31 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-31 20:42 . 2011-01-31 20:42 -------- d-----w- c:\program files (x86)\ESET
    2011-01-31 16:31 . 2011-01-31 16:31 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-01-30 13:30 . 2011-01-30 13:30 -------- d-----w- C:\VundoFix Backups
    2011-01-30 03:24 . 2011-01-30 03:24 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\AVG
    2011-01-30 01:17 . 2011-01-31 20:32 -------- d-----w- c:\programdata\AVG10
    2011-01-30 01:15 . 2011-01-30 03:24 -------- d-----w- c:\program files (x86)\AVG
    2011-01-28 20:23 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44B0AD94-59A0-420A-A6BE-0B613342E49D}\mpengine.dll
    2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files\iTunes
    2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files (x86)\iTunes
    2011-01-28 02:32 . 2011-01-28 02:32 -------- d-----w- c:\program files\iPod
    2011-01-20 21:20 . 2011-01-20 20:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-20 20:56 . 2010-12-03 09:05 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-20 20:56 . 2011-01-20 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 20:49 . 2011-01-20 20:49 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Sunbelt Software
    2011-01-20 20:39 . 2011-01-20 20:39 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-20 20:39 . 2011-01-20 20:56 -------- d-----w- c:\programdata\Lavasoft
    2011-01-20 20:39 . 2011-01-20 20:39 -------- d-----w- c:\program files (x86)\Lavasoft
    2011-01-20 20:07 . 2011-01-31 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-01-20 20:07 . 2011-01-20 20:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-01-20 19:42 . 2011-01-31 13:08 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\QuickScan
    2011-01-19 22:00 . 2011-01-19 22:04 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2011-01-19 19:43 . 2011-01-19 19:43 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\SanDisk
    2011-01-18 21:08 . 2011-01-18 21:09 -------- d--h--w- c:\windows\AxInstSV
    2011-01-17 21:05 . 2011-01-17 21:05 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Amazon
    2011-01-13 16:26 . 2011-01-13 16:26 -------- d-----w- c:\programdata\!SASCORE
    2011-01-11 00:49 . 2011-01-11 00:49 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic
    2011-01-08 13:34 . 2011-01-08 13:34 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-01-08 13:33 . 2011-01-08 13:33 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-01-08 13:33 . 2011-01-08 13:33 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\real
    2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Secunia PSI
    2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\program files (x86)\Secunia
    2011-01-08 00:23 . 2011-01-08 00:23 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Move Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2010-07-06 02:13 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-09-07 01:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-01 14:42 . 2010-03-21 21:02 724992 ----a-w- c:\windows\iun6002.exe
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-29 11:31 . 2010-11-29 11:31 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
    2010-11-12 23:53 . 2010-10-10 05:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-04 06:35 . 2010-12-15 23:56 1194496 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 06:31 . 2010-12-15 23:56 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 05:52 . 2010-12-15 23:56 978944 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-04 05:48 . 2010-12-15 23:56 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16 . 2010-12-15 23:56 482816 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:41 . 2010-12-15 23:56 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-04 04:35 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 04:08 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    "PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    "KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    "HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "WinPatrol"=c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

    R0 AFS;AFS; [x]
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-01-20 1402272]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2009-10-15 433200]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSvia64.sys [2010-11-09 476792]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-11 132656]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - Lavasoft Kernexplorer
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMTDI
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

    2011-01-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
    - c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-12 01:17]

    2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.comcast.net/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - c:\program files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Breitzig Family\AppData\Roaming\Move Networks
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-31 18:12:07
    ComboFix-quarantined-files.txt 2011-01-31 23:12

    Pre-Run: 543,273,193,472 bytes free
    Post-Run: 544,011,923,456 bytes free

    - - End Of File - - A749118318B20B23D380ADD9637311C1
     
  7. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Results of screen317's Security Check version 0.99.8
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Kings Bounty Armored Princess
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    MVPS Hosts File
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 23
    Adobe Flash Player 10.1.102.64
    Adobe Reader X
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    WinPatrol winpatrol.exe is disabled!
    Spybot Teatimer.exe is disabled!
    ``````````End of Log````````````
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There are other options and I would recommend either of them instead. All of the following are free:

    Have layered security:
    • Antivirus software (only one): Both of the following programs are free and known to be good:
      o Avira Free
      o Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      o Comodo
      o Zone Alarm
    • Antispyware: I recommend all of the following:
      o Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.

    I see all these running:
    1. Secunia>> leave
      • Registry Mechanic> uninstall. Most of us don't recommend using a registry cleaner.
      • TuneUp Utilities> use with care. Don't renew as you can do most yourself.
      • AVG 2010>> uninstall>> replace with either Avira or Avast
      • Norton Security> uninstall when subscription is up
      • Windows Defender> Okay to leave
      • Spybot and TT> Keep Spybot, don't run TeaTimer.
      • AdAware and AW> keep till expired, then uninstall. Don't run AdWatch
      • Desktop Doctor> from PCTools>> by Comcast. Troubleshoots connection problems. Useless to run unless you have frequent connection problems
      • Norton AddOn Pack>> Anti-spam - Parental Control - Ad Blocker | Norton Online Family>> things you can set yourself or use free in your browser.

      Windows Firewall Enabled! > stop if you're going to run another software firewall.
    2. µTorrent>> File sharing>> straight road to malware
      • Acrobat.com>> useless
      • Adobe Service Manager Extension>> It is used to install and manage extensions associated with various Adobe programs. Most likely a totally useless process.
      • Adobe Setup>> should have been removed when the program was installed.
      • HijackThis 2.0.2> Outdated> uninstall. I'll have you run it later, with a link for the new version.

    I see 3 separate installs for these:
    1. Cisco Network Magic
    2. Pure Networks Platform
    3. Network Magic

    Network Magic originally came from Pure Networks. Cisco bought NM out, so I think you have some duplication with three of these installed:
    NOTE: there will be either 3 or 4 processes on startup for this that need to start on boot.

    Mbam is clean, GMER is clean, Eset scan is clean
    ======================================
    Handle the above and then I'll go over the Combofix log with script
     
  9. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Thank you Bobbye,

    # Secunia>> leave
    # Registry Mechanic> could not find, only found a txt log file.
    # TuneUp Utilities> won't renew
    # AVG 2010>> uninstalled and replaced with Avira
    # Norton Security> uninstalled
    # Windows Defender> Okay to leave
    # Spybot and TT> Turned off TT
    # AdAware and AW> uninstalled
    # Desktop Doctor> from PCTools>> uninstalled with Norton
    # Norton AddOn Pack>> uninstalled
    Windows Firewall Enabled! > stopped - installed Zone Alarm
    # µTorrent>> File sharing>> uninstalled
    # Acrobat.com>> uninstalled
    # Adobe Service Manager Extension>> No longer running under processes.
    # HijackThis 2.0.2> Outdated> uninstalled
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Very good! If everyone followed my suggestions as well as you, I might find myself out of my volunteer job! You might like to know that I have or had some of the programs I suggested you remove or modify. I gave you the suggestions I, myself, followed.
    ========================================
    Please run this Custom CFScript:

    1. Close any open browsers.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\iun6002.exe
    c:\program files\PeerBlock\pbfilter.sys
    
    Folder::
    C:\VundoFix Backups
    c:\users\Breitzig Family\AppData\Roaming\AVG
    c:\programdata\AVG10
    c:\program files (x86)\AVG
    c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic
    DDS::
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ddoctorv2"=-
    
    Driver::
    AFS
    pbfilter
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    =====================================
    Finding the following is a matter of concern:
    c:\windows\iun6002.exe>> iun6002.exe is Spyware.DsktopSurveil. Spyware.DsktopSurveil must be manually installed. Spyware.DsktopSurveil logs keystrokes, program use, and captures screenshots. It can run in hidden mode.
    iun6002.exe monitors user Internet activity and private information. It sends stolen data to a hacker site.

    You or someone else would have purposely installed this program. Were you aware of it? Did you install it? Did anyone else have access to the computer? It is possible that your email password might have been found through this source.
    ======================================
    Remove outdated Java plugin files from the Firefox plugins folder:
    Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
    1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
    2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
    3. Select each Java plugin listed to make sure that all are enabled.
    4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
    5. Java plugin files that do not match your current version means that the Firefox plugins folder contains outdated Java plugin files which should be removed. This folder is typically in the following location: Use Windows Explorer to access> My Computer> Local Drive> Programs>>>
    C:\Program Files\Mozilla Firefox\plugins
    Java files from older versions in the Firefox plugins folder can prevent Java from running.
    While you are in this section, I recommend you remove the following extensions also:
    FF - Ext: Dr.Web anti-virus link checker:
    FF - Ext: BitDefender QuickScan
    FF - Ext: Norton IPS
    FF - Ext: Norton Toolbar

    ===============================
    Please go on to next reply when finished.
     
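    As an added example (not part of this thread, nor of DDS or ComboFix), here is a small Python parser for the "Drivers/Services" lines of the DDS log posted above. It flags the same kind of entries the CFScript's Driver:: section targets, registrations whose binary is gone (the `[x]` entries AFS and pbfilter), plus a location heuristic of my own for services loading straight from the Windows root or a user profile. The sample lines are copied from the log; the last one is constructed to exercise that heuristic.

```python
"""Triage helper for the 'Drivers/Services' lines of a DDS / ComboFix log.

Added example; not part of DDS, ComboFix or any tool named in the thread.
Lines have the form

    <state><start> <service name>;<display name>;<image path> [<date> <size>]

where the bracket holds "x" when the file the service points at is missing.
By DDS convention the leading letter is R (running) or S (stopped) and the
digit is the Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 off).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed input: the first five lines are copied from the DDS log in the
# thread, the last one is made up to exercise the location heuristic below.
SAMPLE_LOG = "\n".join([
    r"R0 AFS;AFS; [x]",
    r"R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]",
    r"R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]",
    r"S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]",
    r"S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]",
    r"S2 constructed-svc;Constructed sample;c:\windows\sample.exe [2011-01-01 1024]",
])

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str      # "R" running / "S" stopped
    start: int      # Windows start type
    name: str
    display: str
    path: str
    present: bool   # False when DDS printed [x]: the binary is gone


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every well-formed service line; skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            state=m["state"],
            start=int(m["start"]),
            name=m["name"],
            display=m["display"],
            path=m["path"].strip(),
            present=m["tag"].strip().lower() != "x",
        ))
    return entries


def orphans(entries: List[ServiceEntry]) -> List[str]:
    """Names of services still registered although their binary is missing."""
    return [e.name for e in entries if not e.present]


# Heuristic chosen for this example (an assumption, not a rule from DDS):
# legitimately installed services rarely load from user or temp directories.
SUSPECT_DIRS = ("\\users\\", "\\temp\\", "\\appdata\\")


def triage(entries: List[ServiceEntry]) -> List[str]:
    """One human-readable finding per entry that deserves a closer look."""
    findings = []
    for e in entries:
        if not e.present:
            # Orphaned registration: the Driver:: section of the CFScript in
            # the thread removes exactly these (AFS, pbfilter).
            findings.append(f"{e.name}: registered but binary missing (orphan)")
            continue
        low = e.path.lower()
        parent = low.rsplit("\\", 1)[0] if "\\" in low else ""
        if parent == "c:\\windows":
            findings.append(f"{e.name}: loads straight from the Windows root ({e.path})")
        elif any(d in low for d in SUSPECT_DIRS):
            findings.append(f"{e.name}: loads from a user/temp location ({e.path})")
    return findings


if __name__ == "__main__":
    for line in triage(parse_services(SAMPLE_LOG)):
        print(line)
```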
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    After running the Combofix script, go on to this:

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    When we have finished, I will direct you to finding and deleting the program folders for any programs or apps you uninstalled.
     
  12. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Thanks Bobbye I appreciate your advice. I try to keep this computer as clean as possible, but I have a teen and a wife that click links before they read. Here is the

    I have removed outdated Java plug-ins, and suggested FF extensions.

    I am not sure how iun6002 was installed. Glad you found it though.

    =================================================================

    ComboFix log:

    ComboFix 11-01-31.02 - Breitzig Family 02/01/2011 13:52:20.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6726 [GMT -5:00]
    Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
    Command switches used :: c:\users\Breitzig Family\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files\PeerBlock\pbfilter.sys"
    "c:\windows\iun6002.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\AVG
    c:\programdata\AVG10
    c:\users\Breitzig Family\AppData\Roaming\AVG
    c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic
    c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic\SystemReport.txt
    C:\VundoFix Backups
    c:\windows\iun6002.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PBFILTER
    -------\Service_AFS
    -------\Service_pbfilter


    ((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
    .

    2011-02-01 18:58 . 2011-02-01 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-01 14:02 . 2011-02-01 14:02 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\CheckPoint
    2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files (x86)\Conduit
    2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
    2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files\CheckPoint
    2011-02-01 13:59 . 2011-02-01 13:59 -------- d-----w- c:\programdata\CheckPoint
    2011-02-01 13:59 . 2011-02-01 19:00 -------- d-----w- c:\windows\Internet Logs
    2011-02-01 13:58 . 2011-02-01 13:58 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Avira
    2011-02-01 13:54 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-01 13:54 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\programdata\Avira
    2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\program files (x86)\Avira
    2011-01-31 16:31 . 2011-01-31 16:31 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-01-30 01:19 . 2011-01-30 01:19 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\AVG10
    2011-01-28 20:23 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44B0AD94-59A0-420A-A6BE-0B613342E49D}\mpengine.dll
    2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files\iTunes
    2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files (x86)\iTunes
    2011-01-28 02:32 . 2011-01-28 02:32 -------- d-----w- c:\program files\iPod
    2011-01-20 20:56 . 2011-01-20 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 20:49 . 2011-01-20 20:49 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Sunbelt Software
    2011-01-20 20:39 . 2011-02-01 13:00 -------- d-----w- c:\programdata\Lavasoft
    2011-01-20 20:07 . 2011-01-31 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-01-20 20:07 . 2011-01-20 20:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-01-20 19:42 . 2011-01-31 13:08 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\QuickScan
    2011-01-19 22:00 . 2011-02-01 13:03 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2011-01-19 19:43 . 2011-01-19 19:43 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\SanDisk
    2011-01-18 21:08 . 2011-01-18 21:09 -------- d--h--w- c:\windows\AxInstSV
    2011-01-17 21:05 . 2011-01-17 21:05 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Amazon
    2011-01-13 16:26 . 2011-01-13 16:26 -------- d-----w- c:\programdata\!SASCORE
    2011-01-08 13:34 . 2011-01-08 13:34 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-01-08 13:33 . 2011-01-08 13:33 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-01-08 13:33 . 2011-01-08 13:33 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\real
    2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Secunia PSI
    2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\program files (x86)\Secunia
    2011-01-08 00:23 . 2011-01-08 00:23 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Move Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2010-07-06 02:13 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-09-07 01:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-29 11:31 . 2010-11-29 11:31 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
    2010-11-12 23:53 . 2010-10-10 05:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-04 06:35 . 2010-12-15 23:56 1194496 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 06:31 . 2010-12-15 23:56 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 05:52 . 2010-12-15 23:56 978944 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-04 05:48 . 2010-12-15 23:56 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16 . 2010-12-15 23:56 482816 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:41 . 2010-12-15 23:56 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-04 04:35 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 04:08 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-01-31_23.10.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-01 14:01 . 2010-11-16 22:45 99328 c:\windows\SysWOW64\ZoneLabs\zlquarantine.dll
    + 2011-02-01 14:01 . 2010-11-16 22:46 70656 c:\windows\SysWOW64\ZoneLabs\zatray.exe
    + 2011-02-01 14:00 . 2010-11-16 22:46 21504 c:\windows\SysWOW64\ZoneLabs\lib\zsys.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 14336 c:\windows\SysWOW64\ZoneLabs\lib\zmenu.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 48640 c:\windows\SysWOW64\ZoneLabs\lib\zfde.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 85504 c:\windows\SysWOW64\ZoneLabs\lib\ZAlert.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 37376 c:\windows\SysWOW64\ZoneLabs\lib\UpdateUI.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1488.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1487.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1486.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 20992 c:\windows\SysWOW64\ZoneLabs\lib\oem_1466.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1460.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 10240 c:\windows\SysWOW64\ZoneLabs\lib\oem_1454.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 11264 c:\windows\SysWOW64\ZoneLabs\lib\oem_1445.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 14336 c:\windows\SysWOW64\ZoneLabs\lib\oem_1440.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 12288 c:\windows\SysWOW64\ZoneLabs\lib\oem_1413.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 11264 c:\windows\SysWOW64\ZoneLabs\lib\oem_1010.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 29184 c:\windows\SysWOW64\ZoneLabs\lib\NavBar.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 13312 c:\windows\SysWOW64\ZoneLabs\lib\MainLoop.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 35840 c:\windows\SysWOW64\ZoneLabs\lib\Alert.zip.dll
    + 2011-02-01 14:01 . 2010-11-16 22:45 38912 c:\windows\SysWOW64\ZoneLabs\featuremap.dll
    + 2011-02-01 14:01 . 2010-11-16 22:45 75776 c:\windows\SysWOW64\ZoneLabs\camupd.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 69120 c:\windows\SysWOW64\zlcomm.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 43008 c:\windows\SysWOW64\vswmi.dll
    + 2011-02-01 14:01 . 2010-11-16 22:45 58368 c:\windows\SysWOW64\vsregexp.dll
    - 2011-01-20 20:45 . 2011-01-31 20:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-01-20 20:45 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2011-01-31 20:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-01-31 20:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-01-31 20:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-06 14:08 . 2011-02-01 14:07 74310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-02-01 19:01 43432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-11-06 03:46 . 2011-02-01 19:01 17114 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-465570233-4148414345-125681747-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-01-28 02:31 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-02-01 14:00 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-11-06 01:07 . 2011-01-31 02:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-06 01:07 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-01 14:05 . 2011-02-01 14:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-01-31 02:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-06 03:51 . 2011-01-31 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-02-01 14:16 80560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-11-06 03:51 . 2011-02-01 19:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-06 03:51 . 2011-01-31 20:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-06 03:51 . 2011-01-31 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-06 03:51 . 2011-01-31 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-06 03:51 . 2011-01-31 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-31 20:34 . 2011-01-31 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-01-31 20:34 . 2011-01-31 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-01 14:01 . 2010-11-16 22:45 141824 c:\windows\SysWOW64\ZoneLabs\zlupdate.dll
    + 2011-02-01 14:01 . 2010-11-16 22:45 173056 c:\windows\SysWOW64\ZoneLabs\vsvault.dll
    + 2011-02-01 13:59 . 2010-11-16 22:45 211456 c:\windows\SysWOW64\ZoneLabs\vsdb.dll
    + 2011-02-01 14:01 . 2007-10-11 21:51 832984 c:\windows\SysWOW64\ZoneLabs\updating.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 434688 c:\windows\SysWOW64\ZoneLabs\ssleay32.dll
    + 2011-02-01 14:01 . 2010-11-16 22:45 135680 c:\windows\SysWOW64\ZoneLabs\scheduler.dll
    + 2011-02-01 14:01 . 2009-07-14 04:58 722392 c:\windows\SysWOW64\ZoneLabs\qrbase.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 126976 c:\windows\SysWOW64\ZoneLabs\lib\zui.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 280064 c:\windows\SysWOW64\ZoneLabs\lib\TrayTest.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 225792 c:\windows\SysWOW64\ZoneLabs\lib\Overview.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 368640 c:\windows\SysWOW64\ZoneLabs\lib\LicenseUI.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 184832 c:\windows\SysWOW64\ZoneLabs\lib\DashBoard.zip.dll
    + 2011-02-01 14:00 . 2010-11-16 22:46 375296 c:\windows\SysWOW64\ZoneLabs\lib\ConfigWizard.zip.dll
    + 2011-02-01 13:59 . 2010-02-08 13:41 595432 c:\windows\SysWOW64\ZoneLabs\icslta.dll
    + 2011-02-01 14:02 . 2010-11-08 23:58 284136 c:\windows\SysWOW64\ZoneLabs\ffapi.dll
    + 2011-02-01 14:01 . 2010-11-16 22:45 169984 c:\windows\SysWOW64\ZoneLabs\fbl.dll
    + 2011-02-01 14:01 . 2008-03-17 21:52 813568 c:\windows\SysWOW64\ZoneLabs\dbghelp.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 104448 c:\windows\SysWOW64\zlcommdb.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 110080 c:\windows\SysWOW64\vsxml.dll
    + 2011-02-01 13:59 . 2010-11-16 22:45 715264 c:\windows\SysWOW64\vsutil.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 302592 c:\windows\SysWOW64\vspubapi.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 108032 c:\windows\SysWOW64\vsmonapi.dll
    + 2011-02-01 13:59 . 2010-11-16 22:45 228864 c:\windows\SysWOW64\vsinit.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 112128 c:\windows\SysWOW64\vsdata.dll
    + 2010-10-09 01:53 . 2011-02-01 18:23 357912 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 05:30 . 2011-01-28 02:31 239616 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-02-01 14:00 239616 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-01-28 02:31 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2011-02-01 14:00 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-02-01 14:00 . 2010-05-15 21:30 458840 c:\windows\system32\DriverStore\FileRepository\vsdatant.inf_amd64_neutral_f782e0172cdac971\vsdatant.sys
    + 2011-02-01 14:00 . 2010-05-15 21:30 458840 c:\windows\system32\drivers\vsdatant.sys
    + 2011-02-01 14:00 . 2010-04-09 11:06 374664 c:\windows\system32\drivers\netio.sys
    + 2009-07-14 05:01 . 2011-02-01 18:58 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-01-31 20:32 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-01 14:00 . 2010-11-16 22:45 1238528 c:\windows\SysWOW64\zpeng25.dll
    + 2011-02-01 14:00 . 2010-11-16 22:45 1790464 c:\windows\SysWOW64\ZoneLabs\vsruledb.dll
    + 2011-02-01 14:00 . 2010-11-16 22:47 2435592 c:\windows\SysWOW64\ZoneLabs\vsmon.exe
    + 2011-02-01 14:00 . 2010-11-16 22:46 1536512 c:\windows\SysWOW64\ZoneLabs\lib\zpy.zip.dll
    + 2009-07-14 04:45 . 2011-02-01 14:08 3838317 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2011-01-20 21:04 3838317 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 02:34 . 2011-01-31 20:51 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2011-02-01 18:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2010-12-01 16:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    "PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    "KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    "HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "WinPatrol"=c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - EraserUtilRebootDrv
    *Deregistered* - IDSVia64
    *Deregistered* - SRTSPX
    *Deregistered* - SymEFA
    *Deregistered* - SymEvent
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMTDI
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

    2011-01-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
    - c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-12 01:17]

    2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF20678.cfxxe" [X]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.comcast.net/
    mLocal Page = %SystemRoot%\system32\blank.htm
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - c:\program files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Breitzig Family\AppData\Roaming\Move Networks
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
    AddRemove-No_Trace_2.15 - c:\windows\iun6002.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-01 14:06:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-01 19:06
    ComboFix2.txt 2011-01-31 23:12

    Pre-Run: 536,993,132,544 bytes free
    Post-Run: 536,695,160,832 bytes free

    - - End Of File - - E17D1B3A238D8E45C340C227DE536ECA

    ===============================================================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:39:33 PM, on 2/1/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} (WZIFLauncher Class) - http://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12916 bytes


    Thank you Bobbye!
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

Sorry for the delay- internet was down from Tuesday night until this morning. Trying to catch up.

Question: Are you using the Anti-Rootkit Engine from Sunbelt Software? Looks like there may be an entry for that. Some users use Sunbelt to run ThreatFire, not realizing it's an AV program.

    Give me a few minutes to finish reviewing logs and I'll try to finish you up.
     
  14. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    No problem Bobbye, take your time. I appreciate your help.

    Not running Anti-Rootkit Engine from Sunbelt Software to my knowledge.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, thanks. I'll add those entries in the script:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\users\Breitzig Family\AppData\Roaming\AVG10
    c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    c:\program files\PeerBlock\pbfilter.sys
    c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
    c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
    c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
    c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys
    c:\windows\system32\drivers\SBREDrv.sys
    Folder::
    c:\users\Breitzig Family\AppData\Local\Sunbelt Software
    Extra::
    File::
    c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Firefox::
    Firefox-: - Profile- c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\ 
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    Driver::
    pbfilter
    Norton Security Suite
    DAUpdaterSvc
    pbfilte
    SymDS
    SymEFA
    BHDrvx64
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    (image: CFScript.txt being dragged onto ComboFix.exe)

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Uncheck all CyberLink-related entries on Startup! There are 8 processes loading from the Registry!
    ================================================
    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
    O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
    O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)


    Close all Windows except HijackThis and click on "Fix Checked."

    Note about HJT: I can't go through all the Services you have running because HJT doesn't scan Services well on a 64-bit OS. But you might want to review Black Viper's suggestion for Startup type for Services and their Dependencies.

    NOTE: For any program that you have uninstalled (not stopped, but uninstalled/removed from the system) use Windows Explorer to find and remove the program folder for each:
    Windows Key + E: Computer> Local Drive> Programs> do a right click> Delete on any program folder remaining for a program you have uninstalled.

    .
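The HijackThis triage described in the post above (tick the O2/O3 entries whose target is "(no file)" or "(file missing)", look at the non-Microsoft R0/R1 defaults, and do not read anything into O23 services that a 32-bit HJT reports as missing on a 64-bit Windows) can be expressed as a small parser. This is an added example for this thread, not code from HijackThis, ComboFix or either poster. The sample log is a constructed subset of the entry formats quoted above; the rule that a "Program Files (x86)" path implies a 64-bit install, the list of hosts treated as stock IE defaults, and the section set treated as safely fixable dead hooks are all assumptions of this example.

```python
"""Triage a HijackThis 2.0.4 log: separate dead (orphaned) browser hooks that
are safe to 'Fix Checked' from entries that only look broken.
Added example for this thread; not part of HijackThis or the original posts."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a subset of entries in the format HijackThis writes,
# modelled on the kinds of lines quoted in the thread (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption: sections where a missing target is a dead registry hook that
# HijackThis's 'Fix Checked' can delete without side effects.
DEAD_HOOK_SECTIONS = {"R3", "O2", "O3", "O4", "O9"}
# Assumption: hosts a stock IE install points at; anything else in R0/R1 is
# listed for review (an OEM redirect such as HP's is benign but still shown).
DEFAULT_HOSTS = ("microsoft.com", "msn.com", "live.com", "bing.com")


@dataclass(frozen=True)
class Finding:
    action: str      # "fix", "review" or "ignore"
    section: str
    line: str
    reason: str


def is_x64_log(text: str) -> bool:
    # Assumption: HJT 2.0.4's Platform line does not say 64-bit, so infer it
    # from the presence of a WOW64 'Program Files (x86)' path anywhere.
    return "Program Files (x86)" in text


def triage(text: str) -> list[Finding]:
    x64 = is_x64_log(text)
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        orphaned = body.endswith(ORPHAN_MARKERS)
        if sec in DEAD_HOOK_SECTIONS and orphaned:
            findings.append(Finding("fix", sec, line,
                                    "registry hook points at a file that no longer exists"))
        elif sec == "O23" and orphaned and x64 and "\\system32\\" in body.lower():
            # 32-bit HJT is redirected to SysWOW64, so native 64-bit system
            # services show as missing. Not evidence of anything.
            findings.append(Finding("ignore", sec, line,
                                    "WOW64 redirection; 32-bit HJT cannot see 64-bit system32"))
        elif sec in ("R0", "R1"):
            url = body.split(" = ", 1)[1] if " = " in body else ""
            host = urlsplit(url).hostname or ""
            if url and not host.endswith(DEFAULT_HOSTS):
                findings.append(Finding("review", sec, line, f"IE default points at {host}"))
    return findings


def fix_list(text: str) -> list[str]:
    """Lines to tick before pressing 'Fix Checked'."""
    return [f.line for f in triage(text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.action:6} {f.section:3} {f.reason}\n       {f.line}")
```

Running it on the sample yields three "fix" lines (the two dead BHOs and the orphaned Search Toolbar), two "review" lines for the HP and Comcast page defaults, and one "ignore" line for the Spooler service, which matches the set the helper asked to have checked while explaining why the long run of "(file missing)" O23 services is left alone.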
     
  16. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Thanks Bobbye,

    When I use msconfig, I could not find a reference to Cyberlink running on startup. The only process I found related to Cyberlink was Lightscribe so I stopped that process from running since I do not use it.

    I ran Cyberlink and unchecked all automatic processes from the program itself. So it should not run unless I actually use the program.


    Here is the new ComboFix log:

    ComboFix 11-01-31.02 - Breitzig Family 02/04/2011 9:11.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6260 [GMT -5:00]
    Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
    Command switches used :: c:\users\Breitzig Family\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe"
    "c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}"
    "c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}"
    "c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}"
    "c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe"
    "c:\program files\PeerBlock\pbfilter.sys"
    "c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys"
    "c:\users\Breitzig Family\AppData\Roaming\AVG10"
    "c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys"
    "c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS"
    "c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS"
    "c:\windows\system32\drivers\SBREDrv.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    c:\users\Breitzig Family\AppData\Local\Sunbelt Software

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BHDRVX64
    -------\Legacy_SYMDS
    -------\Legacy_SYMEFA
    -------\Service_DAUpdaterSvc


    ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
    .

    2011-02-04 14:18 . 2011-02-04 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 12:03 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5832D13-5CAE-481E-BCAC-EAA9B22B5C6D}\mpengine.dll
    2011-02-03 20:33 . 2011-02-03 20:33 -------- d-----w- c:\program files\COMODO
    2011-02-03 20:31 . 2011-02-03 21:05 -------- d-----w- c:\programdata\Comodo
    2011-02-03 20:30 . 2011-02-03 20:30 -------- d-----w- c:\programdata\ZA_PreservedFiles
    2011-02-01 19:38 . 2011-02-01 19:38 -------- d-----w- C:\HijackThis
    2011-02-01 14:02 . 2011-02-01 14:02 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\CheckPoint
    2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files (x86)\Conduit
    2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files\CheckPoint
    2011-02-01 14:00 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-02-01 14:00 . 2010-05-15 21:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
    2011-02-01 13:59 . 2011-02-01 13:59 -------- d-----w- c:\programdata\CheckPoint
    2011-02-01 13:58 . 2011-02-01 13:58 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Avira
    2011-02-01 13:54 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-01 13:54 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\programdata\Avira
    2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\program files (x86)\Avira
    2011-01-31 16:31 . 2011-01-31 16:31 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-01-30 01:19 . 2011-01-30 01:19 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\AVG10
    2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files\iTunes
    2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files (x86)\iTunes
    2011-01-28 02:32 . 2011-01-28 02:32 -------- d-----w- c:\program files\iPod
    2011-01-20 20:56 . 2011-01-20 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 20:39 . 2011-02-01 13:00 -------- d-----w- c:\programdata\Lavasoft
    2011-01-20 20:07 . 2011-01-31 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-01-20 20:07 . 2011-01-20 20:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-01-20 19:42 . 2011-01-31 13:08 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\QuickScan
    2011-01-19 22:00 . 2011-02-03 18:35 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2011-01-19 19:43 . 2011-01-19 19:43 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\SanDisk
    2011-01-18 21:08 . 2011-01-18 21:09 -------- d--h--w- c:\windows\AxInstSV
    2011-01-17 21:05 . 2011-01-17 21:05 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Amazon
    2011-01-13 16:26 . 2011-01-13 16:26 -------- d-----w- c:\programdata\!SASCORE
    2011-01-08 13:34 . 2011-01-08 13:34 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-01-08 13:33 . 2011-01-08 13:33 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-01-08 13:33 . 2011-01-08 13:33 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\real
    2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Secunia PSI
    2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\program files (x86)\Secunia
    2011-01-08 00:23 . 2011-01-08 00:23 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Move Networks
    2011-01-06 22:37 . 2011-01-06 22:37 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-06 22:37 . 2011-01-06 22:37 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-06 22:36 . 2011-01-06 22:36 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-06 22:36 . 2011-01-06 22:36 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-29 06:42 . 2010-12-29 06:42 285480 ----a-w- c:\windows\SysWow64\guard32.dll
    2010-12-29 06:42 . 2010-12-29 06:42 362784 ----a-w- c:\windows\system32\guard64.dll
    2010-12-20 23:09 . 2010-07-06 02:13 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-09-07 01:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-29 11:31 . 2010-11-29 11:31 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
    2010-11-12 23:53 . 2010-10-10 05:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2011-02-01_19.00.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-20 20:45 . 2011-02-04 14:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-01-20 20:45 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2011-02-04 14:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-04 14:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-04 14:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-06 14:08 . 2011-02-04 11:39 75852 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-02-04 14:22 44038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-11-06 03:46 . 2011-02-04 14:22 17314 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-465570233-4148414345-125681747-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-02-01 14:00 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-02-03 20:34 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-01-06 22:37 . 2011-01-06 22:37 89840 c:\windows\system32\DriverStore\FileRepository\inspect.inf_amd64_neutral_5379ce3149166da4\inspect.sys
    - 2009-11-06 01:07 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-06 01:07 . 2011-02-04 14:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-01 14:05 . 2011-02-01 14:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-01 14:05 . 2011-02-04 14:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-04 14:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-06 03:51 . 2011-02-04 14:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-06 03:51 . 2011-02-01 19:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-06 03:51 . 2011-02-04 14:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-06 03:51 . 2011-02-04 14:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-06 03:51 . 2011-02-04 14:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-06 03:51 . 2011-02-04 14:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-04 14:19 . 2011-02-04 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-04 14:19 . 2011-02-04 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-10-09 01:53 . 2011-02-03 22:28 360248 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 05:30 . 2011-02-01 14:00 239616 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-02-03 20:34 239616 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-02-03 20:34 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2011-02-01 14:00 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:12 . 2011-02-04 14:19 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2011-01-31 02:49 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01 . 2011-02-01 18:58 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-02-04 14:18 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2011-02-04 12:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2011-02-01 18:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2011-02-03 20:31 . 2011-02-03 20:31 29910016 c:\windows\Installer\1f04881.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    "KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    "HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "WinPatrol"=c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 250008]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 39888]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - EraserUtilRebootDrv
    *Deregistered* - IDSVia64
    *Deregistered* - SRTSPX
    *Deregistered* - SymEvent
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMTDI
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

    2011-01-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
    - c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-12 01:17]

    2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF24353.cfxxe" [X]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.comcast.net/
    mLocal Page = %SystemRoot%\system32\blank.htm
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: {BD5D0805-E5E7-4CE5-8B7C-615DC494A13B} = 156.154.70.22,156.154.71.22
    TCP: {EDC2B924-E5D6-47D0-A104-4FD93E326D22} = 156.154.70.22,156.154.71.22
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - c:\program files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Breitzig Family\AppData\Roaming\Move Networks
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-04 09:27:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-04 14:27
    ComboFix2.txt 2011-02-01 19:06
    ComboFix3.txt 2011-01-31 23:12

    Pre-Run: 526,031,839,232 bytes free
    Post-Run: 525,971,824,640 bytes free

    - - End Of File - - 664371F22AC4E02F90E3E619CCC703E8
     
  17. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Quick question:

    HiJack This found:
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    Which is different from what you posted above. Should I still delete this one?
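
Added example (not part of this thread and not code from HijackThis, DDS or ComboFix): a small Python reader for the two autostart formats seen in this thread, the Run-key entries in the ComboFix log above and HijackThis O2 lines like the one in this post. It lists the entries whose file the log reports as missing, which is the "(no file)" case being asked about. The sample lines are copied from the logs posted here; reading the trailing `[X]` marker as "file not found" and `[date size]` as "file found" is an assumption about ComboFix's output format, not something the thread states.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: two Run-key entries from the ComboFix log above and the
# HijackThis O2 line from this post, copied as they appear in the thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24353.cfxxe" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120]

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
'''

KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<command>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
HJT_LINE = re.compile(r'^(?P<sec>O\d+) - (?P<kind>[^:]+): (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<file>.*)$')
FILE_META = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)$')

@dataclass
class AutostartEntry:
    source: str                   # registry key or HijackThis section
    name: str                     # value name, or BHO display name
    target: str                   # executable path, or the BHO's CLSID
    args: str                     # command-line arguments, if any
    file_present: Optional[bool]  # False = log says missing; None = log gives no verdict
    note: str

def _split_command(command: str) -> tuple[str, str]:
    """Separate the executable from its arguments; quoted paths keep their spaces."""
    if command.startswith('"'):
        exe, _, rest = command[1:].partition('"')
        return exe, rest.strip()
    return command, ""

def _read_marker(meta: Optional[str]) -> tuple[Optional[bool], str]:
    """Assumption about the trailing bracket: [X] = file not found, [date size] = found."""
    if meta is None:
        return None, "no file check in log"
    if meta == "X":
        return False, "file not found on disk"
    m = FILE_META.match(meta)
    if m:
        return True, f"file dated {m['date']}, {m['size']} bytes"
    return None, f"unrecognised marker [{meta}]"

def parse_autostarts(text: str) -> list[AutostartEntry]:
    """Walk the log line by line, remembering the last [HKEY_...] header seen."""
    entries: list[AutostartEntry] = []
    current_key = "(no key seen yet)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_LINE.match(line)):
            current_key = m["key"]
        elif (m := HJT_LINE.match(line)):
            missing = m["file"].strip().lower() == "(no file)"
            entries.append(AutostartEntry(
                source=f"HijackThis {m['sec']} ({m['kind']})", name=m["name"],
                target=m["clsid"], args="", file_present=not missing,
                note="CLSID still registered but its DLL is gone" if missing else m["file"]))
        elif (m := RUN_LINE.match(line)):
            exe, args = _split_command(m["command"])
            present, note = _read_marker(m["meta"])
            entries.append(AutostartEntry(current_key, m["name"], exe, args, present, note))
    return entries

def orphans(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    """Entries that are still set to load at startup but point at nothing on disk."""
    return [e for e in entries if e.file_present is False]

if __name__ == "__main__":
    for e in orphans(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.source}: {e.name} -> {e.target} ({e.note})")
```

The check is purely about the log's format: it tells you which entries point at nothing, not whether what they pointed at was malicious. An orphaned Run value or BHO is registry residue left when its file was removed, so clearing it deletes a pointer rather than a program; the useful habit is to compare against the most recent scan, since such lines change between runs as files are cleaned up.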
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding Cyberlink: I did some searching and found the following Services:

    PCMService>>
    From answersthatwork. (edited)

    PDVDServ.exe>>>
    From danisweb & neuber

    Click on Start> Run> type in services.msc> enter> double click on each of the following> Change Startup type to Manual:
    PCMService
    PDVDServ.

    Exit Services
    ============================================
    Check for removal please.

    Edit: Whoops! Forgot one more: Use Windows explorer to get to this program file>>
    "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (Product: RichVideo Module or Cyberlink RichVideo Service(CRVS))
    RichVideo.exe is installed in "CyberLink Install folder\Shared files". There are 3 more files in this folder: Richvideoinstall.exe, RichvideoUninstall.exe, Richvideops.dll. You can remove richvideo.exe from memory by executing richvideouninstall.exe.
    C:\Program Files\CyberLink\Shared Files\richvideouninstall.exe to remove. This program also does not allow proper shutdown of Firefox!
    Process name: RichVideo Module
     
  19. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Could not find RichvideoUninstall.exe in the listed path above. Only files present are RichVideo.exe, RichVideo.exe.manifest, and RichVideops.dll

    Also could not find PCM Service or PDVD Service using services.msc
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding CyberLink: I included the Registry entries for this to load in the script below.
    Regarding Lightscribe: It is showing associated with HP. Just check the following Service and make sure Startup type is set to Manual. You do not need to disable or delete it. The Service may show as > LightScribeService or LSSrvc.
    ==================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    windows\system32\drivers\SBREDrv.sys
    Folder::
    c:\users\Breitzig Family\AppData\Roaming\AVG10
    Registry::
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "UpdateLBPShortCut"=-
    "UpdateP2GoShortCut"=-
    "UpdatePDIRShortCut"=-
    "UpdatePSTShortCut"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . No need to submit log unless there are questions.
    ====================
    If there are no more problems or questions, you can remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

        Creating a Restore Point in Windows 7:
        • Click on Start> right click on Computer> Properties
        • Select System Protection
        • Click on the Create button (near bottom)
        • Type a name for the Restore Point
        • Click on Create again to save the restore point.

        Deleting all but the most recent System Protection point in Windows 7
        1. Click Start> Computer> right click the C Drive and choose Properties> enter.
        2. Click Disk Cleanup from there.
          [​IMG]
        3. Click Clean up system files
          This restarts Disk Cleanup to run in elevated mode.
        4. Click the More Options tab
          [​IMG]
        5. Click the Clean up under System Restore and Shadow Copies.
        6. Click OK.
        7. You will get a confirmation screen> Just click Delete.
        8. Click OK on the Disk Cleanup Screen.
        9. Click Delete Files on the Confirmation screen.
        [​IMG]
        It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
        Images courtesy lytebyte.

        Empty the Recycle Bin

        Let me know if you have any more questions.
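
Added example (not part of the thread and not ComboFix's own code): a Python dry-run reader for a CFScript of the shape posted above. It turns the File::, Folder:: and Registry:: sections into a list of planned actions and raises warnings for the things worth eyeballing before dragging the script onto ComboFix.exe: a File:: path with no drive letter (the first line of the script above is one), a Folder:: target so close to the drive root that it would remove far more than one program's data, and Registry:: value lines that appear before any [key] header. The `"Name"=-` form is read as "delete this value", its meaning in .reg files; any section other than the three on the page is reported but not modelled. How ComboFix itself handles these sections is an assumption here; the sample script is the one from the post.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: the CFScript text from the post above, copied verbatim.
SAMPLE_SCRIPT = r'''File::
windows\system32\drivers\SBREDrv.sys
Folder::
c:\users\Breitzig Family\AppData\Roaming\AVG10
Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"=-
"UpdateP2GoShortCut"=-
"UpdatePDIRShortCut"=-
"UpdatePSTShortCut"=-
'''

SECTION = re.compile(r'^(?P<name>[A-Za-z]+)::$')      # e.g. File::
REG_KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKEY_...]
REG_VALUE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<data>.*)$')
ABS_PATH = re.compile(r'^[A-Za-z]:\\')                  # starts with a drive letter
MODELLED = ("File", "Folder", "Registry")               # the sections shown on the page

@dataclass
class PlannedAction:
    kind: str         # delete-file | delete-folder | delete-value | set-value
    target: str       # path, or registry key for value actions
    detail: str = ""  # value name for registry actions

@dataclass
class ScriptPlan:
    actions: list[PlannedAction] = field(default_factory=list)
    warnings: list[str] = field(default_factory=list)

def parse_cfscript(text: str) -> ScriptPlan:
    """Dry run: list what the script asks for without touching anything.
    Assumption: value lines follow .reg semantics, so "Name"=- means delete the value."""
    plan = ScriptPlan()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m["name"]
            current_key = None
            if section not in MODELLED:
                plan.warnings.append(f"line {lineno}: section {section}:: is not modelled here")
            continue
        if section == "File":
            plan.actions.append(PlannedAction("delete-file", line))
            if not ABS_PATH.match(line):
                plan.warnings.append(f"line {lineno}: relative path {line!r}; confirm which drive it resolves to")
        elif section == "Folder":
            plan.actions.append(PlannedAction("delete-folder", line))
            # 'c:\users' splits into two parts; anything that shallow is far too broad to delete
            if len(line.rstrip("\\").split("\\")) <= 2:
                plan.warnings.append(f"line {lineno}: folder {line!r} is a top-level directory")
        elif section == "Registry":
            km = REG_KEY.match(line)
            vm = REG_VALUE.match(line)
            if km:
                current_key = km["key"]
            elif vm and current_key is None:
                plan.warnings.append(f"line {lineno}: value line before any [key] header")
            elif vm:
                name = vm["name"] or "(default)"
                kind = "delete-value" if vm["data"] == "-" else "set-value"
                plan.actions.append(PlannedAction(kind, current_key, name))
            else:
                plan.warnings.append(f"line {lineno}: unrecognised Registry:: line {line!r}")
        elif section is None:
            plan.warnings.append(f"line {lineno}: text before the first section header")
    return plan

def summarize(plan: ScriptPlan) -> dict[str, int]:
    """Count planned actions by kind: the one-line sanity check before running."""
    counts: dict[str, int] = {}
    for a in plan.actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts

if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for a in plan.actions:
        print(f"{a.kind:13} {a.target} {a.detail}".rstrip())
    for w in plan.warnings:
        print("WARNING:", w)
    print(summarize(plan))
```

Run against the script above it reports one file, one folder and four value deletions, plus a single warning about the drive-less `windows\system32\drivers\SBREDrv.sys` path. A helper posting such a script already knows what each line does; the point of a reader like this is that the person running it can see the same thing before anything is deleted.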
     
  21. stroslose

    stroslose TS Rookie Topic Starter Posts: 42

    Steps above are complete. I truly thank you Bobbye for your time and your expertise.
    Scott
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome Scott. I'm leaving some tips for you- a couple don't work on Windows 7, but all are good.
    Tips for added security and safer browsing:
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        [o]Avira Free
        [o]Avast Home
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        [o]Comodo
        [o]Zone Alarm
      • Antispyware: I recommend all of the following:
        [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
      [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
      IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
      Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
      [o]Replace the Host Files
      MVPS Hosts files: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
      [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
    3. Stay current on updates:
      [o] Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      [o]Check this site: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      [o]ATF Cleaner by Atribune
      OR
      [o]TFC
      Disable and Enable System Restore:
      [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Use a Site Advisor:
    The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected. http://www.mywot.com/en/download
     
Topic Status:
Not open for further replies.
