Possible virus is causing slow internet speed and download speed

By mmeck
Dec 6, 2010
  1. A few weeks ago I came home and attempted to access the internet via Firefox and received a message that my proxy settings may have been changed. I tried to adjust them, but to no avail. I then tried Internet Explorer and found the same problem. I reset connections, rebooted, and tried safe mode; nothing worked. I ran an MBAM scan and found several trojans. I removed them, tried to reconnect, and still nothing. I ran a full scan with MBAM and found a couple more nasty critters. I removed them and still had no internet connection. I then attempted a system restore, restoring to a point a week prior. This seemed to fix the issue of connecting to the internet, but ever since, the access speed has been slow, taking up to a minute or so to load a web page (e.g., my email, zoominternet, is very slow). I also noticed that my download speed decreased from 1.2 mbit per second to at most 200 kbits per second.

    Early this morning, I came across the program ComboFix. I ran a scan and it detected a root kit; it then rebooted my system and proceeded to do a full scan. It found several files and deleted them. Here are the name of the root kit and the files deleted by ComboFix.

    (Let me know if you want a copy of that ComboFix log. Please note I ran the ComboFix scan before coming to this forum.)

    Root Kit Name: TDL3

    Files that Combo Fix Deleted:

    C:\desktop.ini
    c:\documents and settings\Owner\Application Data\inst.exe
    c:\program files\Antbar\Ant.com Toolbar\tbHElper.dll
    C:\test.txt
    c:\windows\jestertb.dll
    c:\windows\system32\Thumbs.db
    E:\autorun.inf


    Here are the scans that you requested

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5256

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/6/2010 10:01:32 AM
    mbam-log-2010-12-06 (10-01-32).txt

    Scan type: Quick scan
    Objects scanned: 164328
    Time elapsed: 7 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-06 10:08:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JD-75HBB0 rev.08.02D08
    Running: random named file.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgxoqkob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC7FEBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAC7FE9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAC7FEB0C]
    Code 826E7A7F IoReportHalResourceUsage
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\IpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\TcpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\UdpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Owner at 10:11:07.53 on Mon 12/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe acrobat speed launcher.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmstatus.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmartware.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
    FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
    FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
    FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
    FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
    FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\opensearch@ask.com
    FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
    FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
    FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
    FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
    FF - Extension: Office Black: Office2007Black@JBBS - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
    FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
    FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
    FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
    FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
    FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-7 102400]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-17 10384]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-9-29 101904]
    R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-6 3584]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-10 16512]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

    =============== Created Last 30 ================

    2010-12-06 14:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 14:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 14:18:49 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-06 14:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-06 11:44:47 -------- d-----w- c:\program files\windows media components
    2010-12-06 10:35:10 -------- d-sha-r- C:\cmdcons
    2010-12-06 10:31:52 98816 ----a-w- c:\windows\sed.exe
    2010-12-06 10:31:52 89088 ----a-w- c:\windows\MBR.exe
    2010-12-06 10:31:52 256512 ----a-w- c:\windows\PEV.exe
    2010-12-06 10:31:52 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-06 01:58:20 -------- d-----w- c:\program files\common files\HP
    2010-12-06 01:57:52 970752 ----a-w- c:\windows\system32\hpotiop6.dll
    2010-12-06 01:57:52 729088 ----a-w- c:\windows\system32\hpowiax8.dll
    2010-12-06 01:57:52 303104 ----a-w- c:\windows\system32\hpovst14.dll
    2010-12-04 05:29:10 -------- d-----w- c:\docume~1\owner\applic~1\NeroDigital(TM)
    2010-12-04 04:55:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
    2010-12-04 04:52:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero
    2010-12-02 17:24:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2010-12-02 17:24:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2010-12-02 17:24:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2010-12-02 17:24:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2010-12-02 17:24:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2010-12-02 17:24:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2010-12-02 17:24:58 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2010-12-02 13:36:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2010-12-02 13:36:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2010-12-02 13:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2010-12-02 13:36:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2010-12-02 13:36:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2010-12-02 13:36:47 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2010-12-02 13:36:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2010-12-02 12:54:49 16384 ----a-w- c:\windows\system32\FileOps.exe
    2010-12-02 12:33:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
    2010-12-01 06:09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-21 11:10:33 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-11-21 10:45:25 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
    2010-11-11 06:45:40 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Western_Digital
    2010-11-11 06:44:34 -------- d-----w- c:\docume~1\owner\applic~1\Western Digital
    2010-11-11 06:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
    2010-11-07 07:30:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Unity
    2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 20:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 19:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2010-09-24 19:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2010-09-24 19:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2010-09-24 19:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2010-09-24 19:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2010-09-24 19:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
    2010-09-24 19:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2010-09-24 19:11:42 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
    2010-09-24 18:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 19:10:18 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-09-15 04:35:31 0 ----a-w- c:\windows\ativpsrm.bin
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

    ============= FINISH: 10:11:57.59 ==============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x254023f800+1
    Install Date: 9/1/2009 5:37:48 PM
    System Uptime: 12/6/2010 9:46:43 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0KP561
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU | 1994/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 116.204 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 931 GiB total, 22.09 GiB free.
    F: is CDROM (UDF)
    G: is FIXED (NTFS) - 297 GiB total, 170.238 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
    Service: b57w2k

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Wireless-N USB Network Adapter
    Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
    Manufacturer: Marvell
    Name: Wireless-N USB Network Adapter #7
    PNP Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
    Service: MRVW245

    ==== System Restore Points ===================

    RP1: 12/6/2010 6:16:25 AM - System Checkpoint
    RP2: 12/6/2010 6:16:55 AM - Revo Uninstaller's restore point - Akamai NetSession Interface
    RP3: 12/6/2010 6:17:55 AM - Revo Uninstaller's restore point - Any Video Converter Professional 2.7.9
    RP4: 12/6/2010 6:18:47 AM - Revo Uninstaller's restore point - DVDx 2
    RP5: 12/6/2010 6:19:23 AM - Revo Uninstaller's restore point - GOM Encoder
    RP6: 12/6/2010 6:19:32 AM - GOM Encoder Kaldirildi
    RP7: 12/6/2010 6:19:59 AM - Revo Uninstaller's restore point - Dziobas Rar Player 0.009.39
    RP8: 12/6/2010 6:20:53 AM - Revo Uninstaller's restore point - Microsoft Expression Studio 4
    RP9: 12/6/2010 6:32:52 AM - Revo Uninstaller's restore point - Microsoft Expression Encoder 4 Screen Capture Codec
    RP10: 12/6/2010 6:32:58 AM - Removed Microsoft Expression Encoder 4 Screen Capture Codec
    RP11: 12/6/2010 6:33:25 AM - Revo Uninstaller's restore point - Microsoft Expression Blend 3 SDK
    RP12: 12/6/2010 6:33:33 AM - Removed Microsoft Expression Blend 3 SDK
    RP13: 12/6/2010 6:34:22 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for .NET 4
    RP14: 12/6/2010 6:34:32 AM - Removed Microsoft Expression Blend SDK for .NET 4
    RP15: 12/6/2010 6:35:31 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for Silverlight 4
    RP16: 12/6/2010 6:35:38 AM - Removed Microsoft Expression Blend SDK for Silverlight 4
    RP17: 12/6/2010 6:36:49 AM - Revo Uninstaller's restore point - Remote Control USB Driver
    RP18: 12/6/2010 6:37:04 AM - Removed Remote Control USB Driver
    RP19: 12/6/2010 6:38:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
    RP20: 12/6/2010 6:39:16 AM - Revo Uninstaller's restore point - Windows Media Encoder 9 Series
    RP21: 12/6/2010 6:44:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
    RP22: 12/6/2010 6:46:04 AM - Revo Uninstaller's restore point - Ultra Video Joiner 5.1.1127
    RP23: 12/6/2010 6:47:10 AM - Revo Uninstaller's restore point - Unity Web Player
    RP24: 12/6/2010 6:47:44 AM - Revo Uninstaller's restore point - WPF Toolkit February 2010 (Version 3.5.50211.1)
    RP25: 12/6/2010 6:47:53 AM - Removed WPF Toolkit February 2010 (Version 3.5.50211.1)
    RP26: 12/6/2010 6:48:20 AM - Revo Uninstaller's restore point - XviD4PSP 5.0
    RP27: 12/6/2010 6:49:36 AM - Revo Uninstaller's restore point - TitanTV Client components for ATI
    RP28: 12/6/2010 6:49:55 AM - Removed TitanTV Client components for ATI
    RP29: 12/6/2010 8:19:50 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
    RP30: 12/6/2010 9:18:44 AM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    7-Zip 4.65
    Adobe Acrobat 5.0
    Adobe Acrobat 7.0 Professional
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe GoLive CS2
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Reader 9.4.1
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Version Cue CS2
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Problem Report Wizard
    avast! Free Antivirus
    Broadcom ASF Management Applications
    Broadcom Gigabit Integrated Controller
    Broadcom Management Programs
    BufferChm
    C4400
    C4400_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Copy
    CustomerResearchQFolder
    DAO
    Data Lifeguard Diagnostic for Windows
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    erLT
    eSupportQFolder
    GOM Player
    GPBaseService
    Haemo
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows XP (KB2158563)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Smart Web Printing 4.60
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Hyperdesk - Crysis Warhead
    Hyperdesk - DarkMatter Gamma Ray
    Hyperdesk - DarkMatter Solar Flare
    Hyperdesk - DarkMatter Subspace
    Hyperdesk - Sony Ericsson Onyx Series
    Intel(R) Graphics Media Accelerator Driver
    KhalInstallWrapper
    LightScribe 1.4.31.1
    Logitech Harmony Remote Software
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Small Business Edition 2003
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Media Video 9 VCM
    Microsoft XNA Game Studio 3.1 (ARP entry)
    Microsoft XNA Game Studio 3.1 (Platformer)
    Microsoft XNA Game Studio 3.1 (Redists)
    Microsoft XNA Game Studio 3.1 (Shared Components)
    Microsoft XNA Game Studio 3.1 (VCSExpress)
    Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
    Microsoft XNA Game Studio 3.1 Documentation
    Mozilla Firefox (3.5.3)
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    neroxml
    OCR Software by I.R.I.S. 10.0
    PanoStandAlone
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    Revo Uninstaller 1.90
    Royale Remixed Theme
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    Skins
    SmartWebPrinting
    SmnoduloTwe
    SolutionCenter
    SoundMAX
    Sql Server Customer Experience Improvement Program
    Status
    Suite Specific
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    VCRedistSetup
    VideoToolkit01
    WD SmartWare
    WebFldrs XP
    WebReg
    Windows Essentials Media Codec Pack 3.2
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile Device Updater Component
    WinRAR archiver
    Zune
    Zune Desktop Theme
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)

    ==== Event Viewer Messages From Past Week ========

    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
    12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
    12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acledit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acctres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaaamon.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\a3d.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 4.12.1.2009.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\6to4svc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5935.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520850.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520437.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
    12/3/2010 2:34:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682).
    12/3/2010 2:25:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    12/3/2010 11:32:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
    12/3/2010 11:32:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/2/2010 12:57:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/2/2010 10:57:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 11:41:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 10:45:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 10:37:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 10:35:46 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 1:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x254023f800+1'. It has stopped monitoring the volume.
    11/30/2010 11:13:40 PM, error: Service Control Manager [7034] - The Hyperdesk Theme Enabler service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
  2. mmeck

    Newcomer, in training, Topic Starter

    Here Are The DDS Logs


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Owner at 10:11:07.53 on Mon 12/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe acrobat speed launcher.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmstatus.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmartware.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
    FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
    FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
    FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
    FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
    FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\opensearch@ask.com
    FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
    FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
    FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
    FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
    FF - Extension: Office Black: Office2007Black@JBBS - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
    FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
    FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
    FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
    FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
    FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-7 102400]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-17 10384]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-9-29 101904]
    R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-6 3584]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-10 16512]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

    =============== Created Last 30 ================

    2010-12-06 14:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 14:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 14:18:49 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-06 14:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-06 11:44:47 -------- d-----w- c:\program files\windows media components
    2010-12-06 10:35:10 -------- d-sha-r- C:\cmdcons
    2010-12-06 10:31:52 98816 ----a-w- c:\windows\sed.exe
    2010-12-06 10:31:52 89088 ----a-w- c:\windows\MBR.exe
    2010-12-06 10:31:52 256512 ----a-w- c:\windows\PEV.exe
    2010-12-06 10:31:52 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-06 01:58:20 -------- d-----w- c:\program files\common files\HP
    2010-12-06 01:57:52 970752 ----a-w- c:\windows\system32\hpotiop6.dll
    2010-12-06 01:57:52 729088 ----a-w- c:\windows\system32\hpowiax8.dll
    2010-12-06 01:57:52 303104 ----a-w- c:\windows\system32\hpovst14.dll
    2010-12-04 05:29:10 -------- d-----w- c:\docume~1\owner\applic~1\NeroDigital(TM)
    2010-12-04 04:55:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
    2010-12-04 04:52:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero
    2010-12-02 17:24:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2010-12-02 17:24:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2010-12-02 17:24:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2010-12-02 17:24:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2010-12-02 17:24:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2010-12-02 17:24:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2010-12-02 17:24:58 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2010-12-02 13:36:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2010-12-02 13:36:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2010-12-02 13:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2010-12-02 13:36:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2010-12-02 13:36:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2010-12-02 13:36:47 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2010-12-02 13:36:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2010-12-02 12:54:49 16384 ----a-w- c:\windows\system32\FileOps.exe
    2010-12-02 12:33:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
    2010-12-01 06:09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-21 11:10:33 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-11-21 10:45:25 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
    2010-11-11 06:45:40 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Western_Digital
    2010-11-11 06:44:34 -------- d-----w- c:\docume~1\owner\applic~1\Western Digital
    2010-11-11 06:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
    2010-11-07 07:30:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Unity
    2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 20:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 19:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2010-09-24 19:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2010-09-24 19:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2010-09-24 19:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2010-09-24 19:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2010-09-24 19:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
    2010-09-24 19:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2010-09-24 19:11:42 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
    2010-09-24 18:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 19:10:18 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-09-15 04:35:31 0 ----a-w- c:\windows\ativpsrm.bin
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

    ============= FINISH: 10:11:57.59 ===============


    The Attach File


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x254023f800+1
    Install Date: 9/1/2009 5:37:48 PM
    System Uptime: 12/6/2010 9:46:43 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0KP561
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU | 1994/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 116.204 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 931 GiB total, 22.09 GiB free.
    F: is CDROM (UDF)
    G: is FIXED (NTFS) - 297 GiB total, 170.238 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
    Service: b57w2k

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Wireless-N USB Network Adapter
    Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
    Manufacturer: Marvell
    Name: Wireless-N USB Network Adapter #7
    PNP Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
    Service: MRVW245

    ==== System Restore Points ===================

    RP1: 12/6/2010 6:16:25 AM - System Checkpoint
    RP2: 12/6/2010 6:16:55 AM - Revo Uninstaller's restore point - Akamai NetSession Interface
    RP3: 12/6/2010 6:17:55 AM - Revo Uninstaller's restore point - Any Video Converter Professional 2.7.9
    RP4: 12/6/2010 6:18:47 AM - Revo Uninstaller's restore point - DVDx 2
    RP5: 12/6/2010 6:19:23 AM - Revo Uninstaller's restore point - GOM Encoder
    RP6: 12/6/2010 6:19:32 AM - GOM Encoder Kaldirildi
    RP7: 12/6/2010 6:19:59 AM - Revo Uninstaller's restore point - Dziobas Rar Player 0.009.39
    RP8: 12/6/2010 6:20:53 AM - Revo Uninstaller's restore point - Microsoft Expression Studio 4
    RP9: 12/6/2010 6:32:52 AM - Revo Uninstaller's restore point - Microsoft Expression Encoder 4 Screen Capture Codec
    RP10: 12/6/2010 6:32:58 AM - Removed Microsoft Expression Encoder 4 Screen Capture Codec
    RP11: 12/6/2010 6:33:25 AM - Revo Uninstaller's restore point - Microsoft Expression Blend 3 SDK
    RP12: 12/6/2010 6:33:33 AM - Removed Microsoft Expression Blend 3 SDK
    RP13: 12/6/2010 6:34:22 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for .NET 4
    RP14: 12/6/2010 6:34:32 AM - Removed Microsoft Expression Blend SDK for .NET 4
    RP15: 12/6/2010 6:35:31 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for Silverlight 4
    RP16: 12/6/2010 6:35:38 AM - Removed Microsoft Expression Blend SDK for Silverlight 4
    RP17: 12/6/2010 6:36:49 AM - Revo Uninstaller's restore point - Remote Control USB Driver
    RP18: 12/6/2010 6:37:04 AM - Removed Remote Control USB Driver
    RP19: 12/6/2010 6:38:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
    RP20: 12/6/2010 6:39:16 AM - Revo Uninstaller's restore point - Windows Media Encoder 9 Series
    RP21: 12/6/2010 6:44:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
    RP22: 12/6/2010 6:46:04 AM - Revo Uninstaller's restore point - Ultra Video Joiner 5.1.1127
    RP23: 12/6/2010 6:47:10 AM - Revo Uninstaller's restore point - Unity Web Player
    RP24: 12/6/2010 6:47:44 AM - Revo Uninstaller's restore point - WPF Toolkit February 2010 (Version 3.5.50211.1)
    RP25: 12/6/2010 6:47:53 AM - Removed WPF Toolkit February 2010 (Version 3.5.50211.1)
    RP26: 12/6/2010 6:48:20 AM - Revo Uninstaller's restore point - XviD4PSP 5.0
    RP27: 12/6/2010 6:49:36 AM - Revo Uninstaller's restore point - TitanTV Client components for ATI
    RP28: 12/6/2010 6:49:55 AM - Removed TitanTV Client components for ATI
    RP29: 12/6/2010 8:19:50 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
    RP30: 12/6/2010 9:18:44 AM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    7-Zip 4.65
    Adobe Acrobat 5.0
    Adobe Acrobat 7.0 Professional
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe GoLive CS2
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Reader 9.4.1
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Version Cue CS2
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Problem Report Wizard
    avast! Free Antivirus
    Broadcom ASF Management Applications
    Broadcom Gigabit Integrated Controller
    Broadcom Management Programs
    BufferChm
    C4400
    C4400_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Copy
    CustomerResearchQFolder
    DAO
    Data Lifeguard Diagnostic for Windows
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    erLT
    eSupportQFolder
    GOM Player
    GPBaseService
    Haemo
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows XP (KB2158563)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Smart Web Printing 4.60
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Hyperdesk - Crysis Warhead
    Hyperdesk - DarkMatter Gamma Ray
    Hyperdesk - DarkMatter Solar Flare
    Hyperdesk - DarkMatter Subspace
    Hyperdesk - Sony Ericsson Onyx Series
    Intel(R) Graphics Media Accelerator Driver
    KhalInstallWrapper
    LightScribe 1.4.31.1
    Logitech Harmony Remote Software
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Small Business Edition 2003
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Media Video 9 VCM
    Microsoft XNA Game Studio 3.1 (ARP entry)
    Microsoft XNA Game Studio 3.1 (Platformer)
    Microsoft XNA Game Studio 3.1 (Redists)
    Microsoft XNA Game Studio 3.1 (Shared Components)
    Microsoft XNA Game Studio 3.1 (VCSExpress)
    Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
    Microsoft XNA Game Studio 3.1 Documentation
    Mozilla Firefox (3.5.3)
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    neroxml
    OCR Software by I.R.I.S. 10.0
    PanoStandAlone
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    Revo Uninstaller 1.90
    Royale Remixed Theme
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    Skins
    SmartWebPrinting
    SmnoduloTwe
    SolutionCenter
    SoundMAX
    Sql Server Customer Experience Improvement Program
    Status
    Suite Specific
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    VCRedistSetup
    VideoToolkit01
    WD SmartWare
    WebFldrs XP
    WebReg
    Windows Essentials Media Codec Pack 3.2
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile Device Updater Component
    WinRAR archiver
    Zune
    Zune Desktop Theme
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)

    ==== Event Viewer Messages From Past Week ========

    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
    12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
    12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
    12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acledit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acctres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaaamon.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\a3d.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 4.12.1.2009.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\6to4svc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5935.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520850.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
    12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520437.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
    12/3/2010 2:34:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682).
    12/3/2010 2:25:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    12/3/2010 11:32:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
    12/3/2010 11:32:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/2/2010 12:57:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/2/2010 10:57:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 11:41:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 10:45:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 10:37:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 10:35:46 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/1/2010 1:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x254023f800+1'. It has stopped monitoring the volume.
    11/30/2010 11:13:40 PM, error: Service Control Manager [7034] - The Hyperdesk Theme Enabler service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot. I'll try to help determine the cause of the problem. I have some questions and comments:

    1. There is extreme activity in the Restore Points on 12/6/2010: excess installing, followed by excess uninstalling. What is it you were trying to accomplish on that date?

    2. Regarding your subject: "slow internet speed and download speed". Normally a malware infection isn't going to be the culprit for this, unless the system is heavily infested, which I do not see at this point. Have you contacted your ISP about this? Because that should be where you start.

    3. The Combofix quarantine (which you already know you shouldn't have run the program) has one deletion that is usually from an infected flash drive. So if you are using one, stop. It will have to be disinfected.

    4. Please don't use the Revo uninstaller or any other similar program while I am helping you.
    While I review these logs, please run this scan:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    =======================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ======================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  4. mmeck

    mmeck Newcomer, in training Topic Starter

    I was removing old programs and ones that I no longer use or like. When I use Revo Uninstaller it creates a restore point for every program that is removed. Also, I recently had an issue with the passcore,mui driver: I installed a product from Nero and it caused damage to one of the driver files for my HP printer. I had to uninstall the Nero, then uninstall the HP software and drivers, then reinstall the HP stuff. I did not have the original install disc, so I had to download the setup exe from HP. I also had a ton of programs starting up during system startup.

    I have not contacted my ISP. There are 3 other PCs in the house that are doing just fine. What happened was that approx 2 - 3 weeks ago I left my PC on for about 24 hrs with having any use. I came home from work and attempted to get on the internet via Firefox; it could not load any pages and stated that the proxy settings had been changed, or at least they may have been changed. Checked everything out and it seemed fine; checked IE and had the same issue, no access. I tried a system restore, took it back a week or so, and the issue seemed to be resolved: I had access. But from that point on page loading has slowed immensely, or sometimes the pages time out and I have to reload the tab, or they just sit and continue trying to finish loading but all the info is on the page. The last issue is that my download speed has dropped from 1.1, 1.2 mbits to max 250 - 300 kbits. After I did the system restore point I decided to run Malwarebytes; it picked up several trojans and infected files and deleted them, but everything stayed the same, no improvement. This morning when I found your site, I had already downloaded ComboFix and ran it; that's when the issue with the TDL3 rootkit came to light and ComboFix deleted several files. The instructions in the 8 step guide said to make sure my antivirus was up to date, so I attempted to update AVIRA and all hell broke loose when I tried to install the update; it wouldn't work, so I uninstalled it and decided to install AVAST. Once I was done I ran a scan as directed and it deleted 2 trojans. If you want the scan I will be happy to post it.

    Sorry about that ComboFix issue, wish I had found your site 1st. I will also be sure not to use Revo nor any other tools unless you ask me to.

    I was not able to run the ESET scan through the browser; it told me to try IE. I did, and it would not start, kept getting timed out. Downloaded it with Firefox, had to install and run it.

    Here is the eset scan log:

    C:\Documents and Settings\Owner\My Documents\Wondershare Video Converter Platinum v4.4.2\wondershare.video.converter.platinum.v4.4.2-patch.exe Win32/HackTool.Patcher.A application
    C:\System Volume Information\_restore{C1046940-8BDF-4CCC-A657-F765E7554FF3}\RP30\A0004365.dll Win32/BHO.NWT trojan
    C:\WINDOWS\Resources\Themes\Best_Vista_Theme_for_XP\VIPv3 (icon pack).exe Win32/PrcView application
    E:\System Volume Information\_restore{C1046940-8BDF-4CCC-A657-F765E7554FF3}\RP30\A0004722.exe a variant of Win32/Injector.ASA trojan
    E:\System Volume Information\_restore{C1046940-8BDF-4CCC-A657-F765E7554FF3}\RP30\A0004725.exe Win32/PrcView application

    I just wanted to let you know that when I started ComboFix it sits idle for about 5 mins or so, creates a new restore point, then it states a rootkit is detected, it will not take long. It then says that ComboFix must reboot the machine; it does, comes back on and then scans.

    The name of the rootkit is: TDL3

    IT IS NOT MENTIONED ON THE COMBOFIX LOG FOR SOME REASON

    Here is the combo Fix Log:

    ComboFix 10-12-06.01 - Owner 12/06/2010 22:18:56.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1527 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
    .

    2010-12-06 15:51 . 2010-12-06 15:51 -------- d-----w- c:\program files\Common Files\Java
    2010-12-06 15:51 . 2010-12-06 15:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-06 15:50 . 2010-12-06 15:50 -------- d-----w- c:\program files\Java
    2010-12-06 15:45 . 2010-12-06 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
    2010-12-06 15:38 . 2010-12-06 15:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-12-06 15:37 . 2010-12-06 15:37 -------- d-----w- c:\windows\system32\winrm
    2010-12-06 15:37 . 2010-12-06 15:37 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
    2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\program files\Windows Desktop Search
    2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-12-06 15:35 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2010-12-06 15:35 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2010-12-06 15:35 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2010-12-06 14:53 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 14:52 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 14:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-06 14:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-06 14:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-06 14:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-06 14:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-06 14:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-06 14:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-06 14:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-06 14:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-06 14:18 . 2010-12-06 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-06 11:44 . 2010-12-06 11:44 -------- d-----w- c:\program files\windows media components
    2010-12-06 01:59 . 2010-12-06 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Common Files\HP
    2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Hewlett-Packard
    2010-12-06 01:57 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
    2010-12-06 01:57 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
    2010-12-06 01:57 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
    2010-12-04 05:29 . 2010-12-04 05:29 -------- d-----w- c:\documents and settings\Owner\Application Data\NeroDigital(TM)
    2010-12-04 04:52 . 2010-12-04 07:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
    2010-12-02 17:24 . 2010-12-02 17:24 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2010-12-02 17:24 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2010-12-02 17:24 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2010-12-02 17:24 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2010-12-02 17:24 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2010-12-02 17:24 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2010-12-02 17:24 . 2010-12-02 17:27 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2010-12-02 13:36 . 2010-12-02 13:36 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2010-12-02 13:36 . 2010-12-02 13:36 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2010-12-02 13:36 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2010-12-02 13:36 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2010-12-02 13:36 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2010-12-02 13:36 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2010-12-02 13:36 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2010-12-02 12:54 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
    2010-12-02 12:35 . 2010-12-02 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
    2010-12-02 12:33 . 2010-12-02 12:33 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
    2010-12-01 06:09 . 2010-12-06 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-21 11:10 . 2010-11-21 11:11 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-11-21 10:45 . 2010-11-21 10:47 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
    2010-11-11 06:45 . 2010-11-11 06:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western_Digital
    2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Western Digital
    2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
    2010-11-07 07:30 . 2010-12-06 11:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 20:19 . 2010-09-24 20:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-24 19:11 . 2010-09-24 19:11 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2010-09-24 19:11 . 2010-09-24 19:11 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2010-09-24 19:11 . 2010-09-24 19:11 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2010-09-24 19:11 . 2010-09-24 19:11 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2010-09-24 19:11 . 2010-09-24 19:11 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2010-09-24 19:11 . 2010-09-24 19:11 796672 ----a-w- c:\windows\system32\drivers\UMDF\ZuneDriver.dll
    2010-09-24 19:11 . 2010-09-24 19:11 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
    2010-09-24 19:11 . 2010-09-24 19:11 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2010-09-24 19:11 . 2010-09-24 19:11 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
    2010-09-24 19:06 . 2010-09-24 19:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
    2010-09-24 18:31 . 2009-08-17 20:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 19:23 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-09-03 16:41 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-09-03 16:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 19:10 . 2010-03-01 09:11 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-09-10 05:58 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-02 98304]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-12-2 25214]
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
    2006-04-03 04:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IS360service"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1035:TCP"= 1035:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/6/2010 9:19 AM 165584]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 4:30 PM 79168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/6/2010 9:19 AM 17744]
    R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/7/2008 11:58 AM 102400]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/17/2009 12:22 PM 10384]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 5:31 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 12:58 PM 20480]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/29/2010 4:22 AM 101904]
    R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/10/2010 3:23 AM 16512]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 12:05 PM 14336]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 3:19 PM 268528]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2/5/2010 7:35 PM 25704]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{9390C314-8374-4CD6-AF61-569D83F00604}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

    2010-12-07 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-09-27 08:30]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
    FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
    FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
    FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
    FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
    FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\opensearch@ask.com
    FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
    FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
    FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
    FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
    FF - Extension: Office Black: Office2007Black@JBBS - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
    FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
    FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
    FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
    FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
    FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-hpqSRMon - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
    "ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\

    [HKEY_USERS\S-1-5-21-1757981266-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1008)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-12-06 22:25:55
    ComboFix-quarantined-files.txt 2010-12-07 03:25

    Pre-Run: 125,850,677,248 bytes free
    Post-Run: 125,843,144,704 bytes free

    - - End Of File - - 50DEF7EAC1F5D60FC4E01013AAA03A63


    Please note that my HP printer drivers are messing up again; it is saying that the needed file is not there and cannot be found. This is the second time today, and I have not even tried to print anything at all today.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I'll go ahead and move these 2 files from the Eset scan, but when I ask for a log, I want a log- not entries from it. There is information available in log entries such as the date and time the scan was run. Sometimes, details such as that can make a difference in what I have you do.
    There are only 2 active entries in Eset. System Volume is the restore point which I will have you remove at the end.

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files  
      C:\Documents and Settings\Owner\My Documents\Wondershare Video Converter Platinum v4.4.2\wondershare.video.converter.platinum.v4.4.2-patch.exe 
      C:\WINDOWS\Resources\Themes\Best_Vista_Theme_for_XP\VIPv3 (icon pack).exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================================
    You are slow because you have Firefox dragging around 35 extensions! I will have to give you the prize for having the most extensions I've ever seen! This doesn't count the plug-ins, home page and search pages.

    You are also slow because you have HP processes running that don't need to run. The Image Director should only load when you call it up to use.

    This is because you have the printer set to start on boot and a process it needs isn't running. The fix? Take the printer and all the HP processes off of the Startup menu, including those for the HP Digital Imaging. The HP printer or all-in-one loads more processes than you can count and puts them all on the Startup Menu. >>>>NONE<<<< need to be on Startup. When you want to print, click on File > Print. If the printer has been installed properly, it will start right up. I have the HP AIO. I have no HP processes loading on Boot, none on Startup, no HP Service running.

    This is the HP file your printer is looking for:
    I note you had a lot of activity on 12/6 and have to wonder why. You were already having a problem with the system; why add more to it?
    ========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    d:\pcicon.sys
    c:\windows\TEMP\drv1.tmp
    c:\windows\sed.exe
    c:\windows\MBR.exe
    c:\windows\PEV.exe
    c:\windows\SWREG.exe
    
    DDS::
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Folder::
    c:\windows\system32\winrm
    
    Registry::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
    "ImagePath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IS360service"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_USERS\S-1-5-21-1757981266-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    Driver::
    PciCon
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Follow with: Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  6. mmeck

    mmeck Newcomer, in training Topic Starter

    Here are the logs you requested.

    Note: when I ran the script in ComboFix, it starts and is still saying it detects a rootkit, TDL3. It does a system reboot, then restarts and begins to run the ComboFix scan. I then get an error message saying that 4 of the items are part of ComboFix and that the script will not be processed; it continues on with the scan and generates a report.

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    File/Folder C:\Documents and Settings\Owner\My Documents\Wondershare Video Converter Platinum v4.4.2\wondershare.video.converter.platinum.v4.4.2-patch.exe not found.
    File/Folder C:\WINDOWS\Resources\Themes\Best_Vista_Theme_for_XP\VIPv3 (icon pack).exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.MARKSOPT-PRAJGD
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner
    ->Temp folder emptied: 1806 bytes
    ->Temporary Internet Files folder emptied: 98438 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 56540188 bytes
    ->Flash cache emptied: 1661 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 71698 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 54.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 12092010_190309

    Files moved on Reboot...
    File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...


    ComboFix 10-12-08.04 - Owner 12/09/2010 19:53:06.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1539 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-10 00:03 . 2010-12-10 00:03 -------- d-----w- C:\_OTM
    2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
    2010-12-06 15:51 . 2010-12-06 15:51 -------- d-----w- c:\program files\Common Files\Java
    2010-12-06 15:51 . 2010-12-06 15:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-06 15:50 . 2010-12-06 15:50 -------- d-----w- c:\program files\Java
    2010-12-06 15:45 . 2010-12-06 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
    2010-12-06 15:38 . 2010-12-06 15:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-12-06 15:37 . 2010-12-06 15:37 -------- d-----w- c:\windows\system32\winrm
    2010-12-06 15:37 . 2010-12-06 15:37 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
    2010-12-06 15:36 . 2010-12-07 04:58 -------- d-----w- c:\program files\Windows Desktop Search
    2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-12-06 15:35 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2010-12-06 15:35 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2010-12-06 15:35 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2010-12-06 14:53 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 14:52 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 14:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-06 14:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-06 14:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-06 14:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-06 14:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-06 14:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-06 14:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-06 14:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-06 14:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-06 14:18 . 2010-12-06 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-06 11:44 . 2010-12-06 11:44 -------- d-----w- c:\program files\windows media components
    2010-12-06 01:59 . 2010-12-06 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Common Files\HP
    2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Hewlett-Packard
    2010-12-06 01:57 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
    2010-12-06 01:57 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
    2010-12-06 01:57 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
    2010-12-04 05:29 . 2010-12-04 05:29 -------- d-----w- c:\documents and settings\Owner\Application Data\NeroDigital(TM)
    2010-12-04 04:52 . 2010-12-04 07:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
    2010-12-02 17:24 . 2010-12-02 17:24 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2010-12-02 17:24 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2010-12-02 17:24 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2010-12-02 17:24 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2010-12-02 17:24 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2010-12-02 17:24 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2010-12-02 17:24 . 2010-12-02 17:27 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2010-12-02 13:36 . 2010-12-02 13:36 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2010-12-02 13:36 . 2010-12-02 13:36 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2010-12-02 13:36 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2010-12-02 13:36 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2010-12-02 13:36 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2010-12-02 13:36 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2010-12-02 13:36 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2010-12-02 12:54 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
    2010-12-02 12:35 . 2010-12-02 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
    2010-12-02 12:33 . 2010-12-02 12:33 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
    2010-12-01 06:09 . 2010-12-06 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-21 11:10 . 2010-11-21 11:11 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-11-21 10:45 . 2010-11-21 10:47 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
    2010-11-11 06:45 . 2010-11-11 06:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western_Digital
    2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Western Digital
    2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 20:19 . 2010-09-24 20:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-24 19:11 . 2010-09-24 19:11 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2010-09-24 19:11 . 2010-09-24 19:11 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2010-09-24 19:11 . 2010-09-24 19:11 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2010-09-24 19:11 . 2010-09-24 19:11 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2010-09-24 19:11 . 2010-09-24 19:11 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2010-09-24 19:11 . 2010-09-24 19:11 796672 ----a-w- c:\windows\system32\drivers\UMDF\ZuneDriver.dll
    2010-09-24 19:11 . 2010-09-24 19:11 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
    2010-09-24 19:11 . 2010-09-24 19:11 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2010-09-24 19:11 . 2010-09-24 19:11 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
    2010-09-24 19:06 . 2010-09-24 19:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
    2010-09-24 18:31 . 2009-08-17 20:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 19:23 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2002-09-03 16:41 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2002-09-03 16:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 19:10 . 2010-03-01 09:11 24576 ----a-w- c:\windows\system32\msxml3a.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-10_00.40.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-10 00:50 . 2010-12-10 00:50 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-02 98304]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-12-2 25214]
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
    2006-04-03 04:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IS360service"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1035:TCP"= 1035:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/6/2010 9:19 AM 165584]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 4:30 PM 79168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/6/2010 9:19 AM 17744]
    R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/7/2008 11:58 AM 102400]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/17/2009 12:22 PM 10384]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 5:31 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 12:58 PM 20480]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/29/2010 4:22 AM 101904]
    R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/10/2010 3:23 AM 16512]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 12:05 PM 14336]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 3:19 PM 268528]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2/5/2010 7:34 PM 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2/5/2010 7:35 PM 25704]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{9390C314-8374-4CD6-AF61-569D83F00604}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

    2010-12-10 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-09-27 08:30]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
    FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
    FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
    FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
    FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
    FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\opensearch@ask.com
    FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
    FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
    FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
    FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
    FF - Extension: Office Black: Office2007Black@JBBS - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
    FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
    FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
    FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
    FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
    FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
    FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
    FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
    FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
    "ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\

    [HKEY_USERS\S-1-5-21-1757981266-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1372)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-12-09 19:59:58
    ComboFix-quarantined-files.txt 2010-12-10 00:59

    Pre-Run: 120,570,195,968 bytes free
    Post-Run: 120,554,233,856 bytes free

    - - End Of File - - 1E545A483E34266BB421B967F40DDEDD


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:01:20 PM, on 12/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 8483 bytes
  7. mmeck

    mmeck Newcomer, in training Topic Starter

    Bump no reply in 3 days
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Sorry, I was out of town.
    Please print this list. You will need to refer to it.

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present: Note: None of these are malware. But they do not need to be running unless you're actively using the program. None of them need to start on boot and none of the Services need to be set to Automatic.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    Close all open Windows except HijackThis and click on "Fix Checked."

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Click on Start> Run> type in services.msc> double click on the Service shown in each O23 entry and set the Startup Type to Manual.

    Use the msconfig utility to uncheck the corresponding processes on the Startup Menu:
    Uncheck all processes related to entries in the HJT log that you check to remove or stop.
    To remove entries from Startup using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything; it just stops it from starting on boot. It can be rechecked at any time if wanted.
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Click on Apply> OK when finished.

    When finished, boot into Normal Mode.

    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
    Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

    Review the extensions you have on Firefox. Remove some for added speed.
    Update Adobe Reader to v9.xx> Visit this Adobe Reader site. Uninstall v7, as it is a vulnerability.
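The services step in the reply above can be cross-checked with a short script. This is an added example, not part of the original post or of HijackThis: it parses `O23` lines (excerpts copied from this thread), splits the scan into services on the checklist and services left untouched, and prints the `sc config` line that corresponds to setting Startup Type to Manual in services.msc. It assumes that a name in parentheses is the service key name and that an entry without one uses its display name as the key.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the HijackThis scan posted in this thread.
SCAN_LOG = r"""
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
"""

# Excerpts copied from the helper's checklist (entries to tick in HijackThis).
CHECKLIST = r"""
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")


@dataclass(frozen=True)
class Service:
    display: str  # name shown in services.msc
    name: str     # service key name (assumption: equals display when no parentheses)
    owner: str    # company field as reported by HijackThis
    path: str     # image path


def parse_o23(line):
    """Parse one 'O23 - Service: label - owner - path' line; None for anything else."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # Split from the right so a ' - ' inside the label does not shift the fields.
    parts = m.group("rest").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = (p.strip() for p in parts)
    short = LABEL_RE.match(label)
    if short:
        return Service(short["display"], short["name"], owner, path)
    return Service(label, label, owner, path)


def services(text):
    """All O23 entries in a block of log text, in order."""
    return [s for s in map(parse_o23, text.splitlines()) if s]


def plan(scan_text, checklist_text):
    """Split scanned services into (set to Manual, leave untouched)."""
    wanted = {s.name.lower() for s in services(checklist_text)}
    to_manual, untouched = [], []
    for s in services(scan_text):
        (to_manual if s.name.lower() in wanted else untouched).append(s)
    return to_manual, untouched


def sc_command(service):
    """sc.exe equivalent of Startup Type: Manual (the space after 'start=' is required)."""
    return f'sc config "{service.name}" start= demand'


if __name__ == "__main__":
    to_manual, untouched = plan(SCAN_LOG, CHECKLIST)
    for s in to_manual:
        print(sc_command(s))
    for s in untouched:
        print(f"rem left untouched: {s.display} ({s.owner})")
```
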