Inactive Possible virus is causing slow internet speed and download speed

mmeck · Dec 6, 2010

A few weeks ago i came home and attempted to access the internet via firefox, received a message that my proxy settings may have been changed, tired to adjust but to no avail. I then tried internet explorer and found the some problem. reset connections, rebooted, tried safe mode. nothing worked. I ran a MBAM scan and found several trojans, I removed them ,tried to reconnect and still nothing. Ran a full Scan with MBAM, and found a couple of more nasty critters. removed them and still no internet connection. I then attempted a system restore, restored to point of a week prior. This seemed to fix the issue of connecting to internet, but ever since the access speed has been slow, taking up to a minute or so to load a web page EX: My email zoominternet, very slow. I also noticed that my download speed was decreased from 1.2 mbit per second to at most 200 kbits per second.

Early this morning, i can across the program combo fix, I ran a scan and it detected a root kit it then rebooted my system and then proceeded to do a full scan, it found several files and deleted them. Here is the name of the root kit and the files deleted by ComboFix.

(Let me know if you want a copy of that combofix log) Please note i ran the combofix scan before coming to this forum.)

Root Kit Name: TDL3

Files that Combo Fix Deleted:

C:\desktop.ini
c:\documents and settings\Owner\Application Data\inst.exe
c:\program files\Antbar\Ant.com Toolbar\tbHElper.dll
C:\test.txt
c:\windows\jestertb.dll
c:\windows\system32\Thumbs.db
E:\autorun.inf

Here are the scans that you requested

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5256

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2010 10:01:32 AM
mbam-log-2010-12-06 (10-01-32).txt

Scan type: Quick scan
Objects scanned: 164328
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-06 10:08:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JD-75HBB0 rev.08.02D08
Running: random named file.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgxoqkob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC7FEBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAC7FE9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAC7FEB0C]
Code 826E7A7F IoReportHalResourceUsage
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\IpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\TcpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\UdpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIpaswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-05.01) - NTFSx86
Run by Owner at 10:11:07.53 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe acrobat speed launcher.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmstatus.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmartware.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\opensearch@ask.com
FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Extension: Office Black: Office2007Black@JBBS - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-7 102400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-17 10384]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-9-29 101904]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-6 3584]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-10 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

=============== Created Last 30 ================

2010-12-06 14:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 14:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:18:49 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 14:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-06 11:44:47 -------- d-----w- c:\program files\windows media components
2010-12-06 10:35:10 -------- d-sha-r- C:\cmdcons
2010-12-06 10:31:52 98816 ----a-w- c:\windows\sed.exe
2010-12-06 10:31:52 89088 ----a-w- c:\windows\MBR.exe
2010-12-06 10:31:52 256512 ----a-w- c:\windows\PEV.exe
2010-12-06 10:31:52 161792 ----a-w- c:\windows\SWREG.exe
2010-12-06 01:58:20 -------- d-----w- c:\program files\common files\HP
2010-12-06 01:57:52 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-12-06 01:57:52 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-12-06 01:57:52 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-12-04 05:29:10 -------- d-----w- c:\docume~1\owner\applic~1\NeroDigital(TM)
2010-12-04 04:55:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
2010-12-04 04:52:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero
2010-12-02 17:24:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-12-02 17:24:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-12-02 17:24:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-12-02 17:24:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-12-02 17:24:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-12-02 17:24:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-12-02 17:24:58 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-12-02 13:36:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-12-02 13:36:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-12-02 13:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-12-02 13:36:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-12-02 13:36:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-12-02 13:36:47 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-12-02 13:36:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-12-02 12:54:49 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-12-02 12:33:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2010-12-01 06:09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 11:10:33 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-21 10:45:25 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
2010-11-11 06:45:40 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Western_Digital
2010-11-11 06:44:34 -------- d-----w- c:\docume~1\owner\applic~1\Western Digital
2010-11-11 06:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-11-07 07:30:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Unity
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 20:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 19:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 19:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 19:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 19:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 19:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 19:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 19:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 19:11:42 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
2010-09-24 18:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 19:10:18 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-15 04:35:31 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 10:11:57.59 ==============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x254023f800+1
Install Date: 9/1/2009 5:37:48 PM
System Uptime: 12/6/2010 9:46:43 AM (1 hours ago)

Motherboard: Dell Inc. | | 0KP561
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU | 1994/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 116.204 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 931 GiB total, 22.09 GiB free.
F: is CDROM (UDF)
G: is FIXED (NTFS) - 297 GiB total, 170.238 GiB free.
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-N USB Network Adapter
Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Manufacturer: Marvell
Name: Wireless-N USB Network Adapter #7
PNP Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Service: MRVW245

==== System Restore Points ===================

RP1: 12/6/2010 6:16:25 AM - System Checkpoint
RP2: 12/6/2010 6:16:55 AM - Revo Uninstaller's restore point - Akamai NetSession Interface
RP3: 12/6/2010 6:17:55 AM - Revo Uninstaller's restore point - Any Video Converter Professional 2.7.9
RP4: 12/6/2010 6:18:47 AM - Revo Uninstaller's restore point - DVDx 2
RP5: 12/6/2010 6:19:23 AM - Revo Uninstaller's restore point - GOM Encoder
RP6: 12/6/2010 6:19:32 AM - GOM Encoder Kaldirildi
RP7: 12/6/2010 6:19:59 AM - Revo Uninstaller's restore point - Dziobas Rar Player 0.009.39
RP8: 12/6/2010 6:20:53 AM - Revo Uninstaller's restore point - Microsoft Expression Studio 4
RP9: 12/6/2010 6:32:52 AM - Revo Uninstaller's restore point - Microsoft Expression Encoder 4 Screen Capture Codec
RP10: 12/6/2010 6:32:58 AM - Removed Microsoft Expression Encoder 4 Screen Capture Codec
RP11: 12/6/2010 6:33:25 AM - Revo Uninstaller's restore point - Microsoft Expression Blend 3 SDK
RP12: 12/6/2010 6:33:33 AM - Removed Microsoft Expression Blend 3 SDK
RP13: 12/6/2010 6:34:22 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for .NET 4
RP14: 12/6/2010 6:34:32 AM - Removed Microsoft Expression Blend SDK for .NET 4
RP15: 12/6/2010 6:35:31 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for Silverlight 4
RP16: 12/6/2010 6:35:38 AM - Removed Microsoft Expression Blend SDK for Silverlight 4
RP17: 12/6/2010 6:36:49 AM - Revo Uninstaller's restore point - Remote Control USB Driver
RP18: 12/6/2010 6:37:04 AM - Removed Remote Control USB Driver
RP19: 12/6/2010 6:38:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP20: 12/6/2010 6:39:16 AM - Revo Uninstaller's restore point - Windows Media Encoder 9 Series
RP21: 12/6/2010 6:44:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP22: 12/6/2010 6:46:04 AM - Revo Uninstaller's restore point - Ultra Video Joiner 5.1.1127
RP23: 12/6/2010 6:47:10 AM - Revo Uninstaller's restore point - Unity Web Player
RP24: 12/6/2010 6:47:44 AM - Revo Uninstaller's restore point - WPF Toolkit February 2010 (Version 3.5.50211.1)
RP25: 12/6/2010 6:47:53 AM - Removed WPF Toolkit February 2010 (Version 3.5.50211.1)
RP26: 12/6/2010 6:48:20 AM - Revo Uninstaller's restore point - XviD4PSP 5.0
RP27: 12/6/2010 6:49:36 AM - Revo Uninstaller's restore point - TitanTV Client components for ATI
RP28: 12/6/2010 6:49:55 AM - Removed TitanTV Client components for ATI
RP29: 12/6/2010 8:19:50 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP30: 12/6/2010 9:18:44 AM - avast! Free Antivirus Setup

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Acrobat 5.0
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.4.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
avast! Free Antivirus
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
CustomerResearchQFolder
DAO
Data Lifeguard Diagnostic for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
erLT
eSupportQFolder
GOM Player
GPBaseService
Haemo
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2158563)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Hyperdesk - Crysis Warhead
Hyperdesk - DarkMatter Gamma Ray
Hyperdesk - DarkMatter Solar Flare
Hyperdesk - DarkMatter Subspace
Hyperdesk - Sony Ericsson Onyx Series
Intel(R) Graphics Media Accelerator Driver
KhalInstallWrapper
LightScribe 1.4.31.1
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Mozilla Firefox (3.5.3)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
neroxml
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Revo Uninstaller 1.90
Royale Remixed Theme
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skins
SmartWebPrinting
SmnoduloTwe
SolutionCenter
SoundMAX
Sql Server Customer Experience Improvement Program
Status
Suite Specific
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
VCRedistSetup
VideoToolkit01
WD SmartWare
WebFldrs XP
WebReg
Windows Essentials Media Codec Pack 3.2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
WinRAR archiver
Zune
Zune Desktop Theme
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== Event Viewer Messages From Past Week ========

12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acledit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acctres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaaamon.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\a3d.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 4.12.1.2009.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\6to4svc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5935.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520850.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520437.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/3/2010 2:34:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682).
12/3/2010 2:25:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/3/2010 11:32:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
12/3/2010 11:32:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/2/2010 12:57:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/2/2010 10:57:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 11:41:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:45:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:37:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:35:46 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 1:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x254023f800+1'. It has stopped monitoring the volume.
11/30/2010 11:13:40 PM, error: Service Control Manager [7034] - The Hyperdesk Theme Enabler service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

mmeck · Dec 6, 2010

Here Are The DDS Logs

DDS (Ver_10-12-05.01) - NTFSx86
Run by Owner at 10:11:07.53 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe acrobat speed launcher.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmstatus.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmartware.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\opensearch@ask.com
FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Extension: Office Black: Office2007Black@JBBS - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-7 102400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-17 10384]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-9-29 101904]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-6 3584]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-10 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

=============== Created Last 30 ================

2010-12-06 14:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 14:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:18:49 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 14:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-06 11:44:47 -------- d-----w- c:\program files\windows media components
2010-12-06 10:35:10 -------- d-sha-r- C:\cmdcons
2010-12-06 10:31:52 98816 ----a-w- c:\windows\sed.exe
2010-12-06 10:31:52 89088 ----a-w- c:\windows\MBR.exe
2010-12-06 10:31:52 256512 ----a-w- c:\windows\PEV.exe
2010-12-06 10:31:52 161792 ----a-w- c:\windows\SWREG.exe
2010-12-06 01:58:20 -------- d-----w- c:\program files\common files\HP
2010-12-06 01:57:52 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-12-06 01:57:52 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-12-06 01:57:52 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-12-04 05:29:10 -------- d-----w- c:\docume~1\owner\applic~1\NeroDigital(TM)
2010-12-04 04:55:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
2010-12-04 04:52:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero
2010-12-02 17:24:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-12-02 17:24:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-12-02 17:24:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-12-02 17:24:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-12-02 17:24:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-12-02 17:24:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-12-02 17:24:58 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-12-02 13:36:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-12-02 13:36:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-12-02 13:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-12-02 13:36:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-12-02 13:36:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-12-02 13:36:47 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-12-02 13:36:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-12-02 12:54:49 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-12-02 12:33:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2010-12-01 06:09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 11:10:33 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-21 10:45:25 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
2010-11-11 06:45:40 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Western_Digital
2010-11-11 06:44:34 -------- d-----w- c:\docume~1\owner\applic~1\Western Digital
2010-11-11 06:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-11-07 07:30:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Unity
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 20:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 19:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 19:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 19:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 19:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 19:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 19:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 19:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 19:11:42 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
2010-09-24 18:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 19:10:18 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-15 04:35:31 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 10:11:57.59 ===============

The Attach File

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x254023f800+1
Install Date: 9/1/2009 5:37:48 PM
System Uptime: 12/6/2010 9:46:43 AM (1 hours ago)

Motherboard: Dell Inc. | | 0KP561
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU | 1994/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 116.204 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 931 GiB total, 22.09 GiB free.
F: is CDROM (UDF)
G: is FIXED (NTFS) - 297 GiB total, 170.238 GiB free.
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-N USB Network Adapter
Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Manufacturer: Marvell
Name: Wireless-N USB Network Adapter #7
PNP Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Service: MRVW245

==== System Restore Points ===================

RP1: 12/6/2010 6:16:25 AM - System Checkpoint
RP2: 12/6/2010 6:16:55 AM - Revo Uninstaller's restore point - Akamai NetSession Interface
RP3: 12/6/2010 6:17:55 AM - Revo Uninstaller's restore point - Any Video Converter Professional 2.7.9
RP4: 12/6/2010 6:18:47 AM - Revo Uninstaller's restore point - DVDx 2
RP5: 12/6/2010 6:19:23 AM - Revo Uninstaller's restore point - GOM Encoder
RP6: 12/6/2010 6:19:32 AM - GOM Encoder Kaldirildi
RP7: 12/6/2010 6:19:59 AM - Revo Uninstaller's restore point - Dziobas Rar Player 0.009.39
RP8: 12/6/2010 6:20:53 AM - Revo Uninstaller's restore point - Microsoft Expression Studio 4
RP9: 12/6/2010 6:32:52 AM - Revo Uninstaller's restore point - Microsoft Expression Encoder 4 Screen Capture Codec
RP10: 12/6/2010 6:32:58 AM - Removed Microsoft Expression Encoder 4 Screen Capture Codec
RP11: 12/6/2010 6:33:25 AM - Revo Uninstaller's restore point - Microsoft Expression Blend 3 SDK
RP12: 12/6/2010 6:33:33 AM - Removed Microsoft Expression Blend 3 SDK
RP13: 12/6/2010 6:34:22 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for .NET 4
RP14: 12/6/2010 6:34:32 AM - Removed Microsoft Expression Blend SDK for .NET 4
RP15: 12/6/2010 6:35:31 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for Silverlight 4
RP16: 12/6/2010 6:35:38 AM - Removed Microsoft Expression Blend SDK for Silverlight 4
RP17: 12/6/2010 6:36:49 AM - Revo Uninstaller's restore point - Remote Control USB Driver
RP18: 12/6/2010 6:37:04 AM - Removed Remote Control USB Driver
RP19: 12/6/2010 6:38:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP20: 12/6/2010 6:39:16 AM - Revo Uninstaller's restore point - Windows Media Encoder 9 Series
RP21: 12/6/2010 6:44:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP22: 12/6/2010 6:46:04 AM - Revo Uninstaller's restore point - Ultra Video Joiner 5.1.1127
RP23: 12/6/2010 6:47:10 AM - Revo Uninstaller's restore point - Unity Web Player
RP24: 12/6/2010 6:47:44 AM - Revo Uninstaller's restore point - WPF Toolkit February 2010 (Version 3.5.50211.1)
RP25: 12/6/2010 6:47:53 AM - Removed WPF Toolkit February 2010 (Version 3.5.50211.1)
RP26: 12/6/2010 6:48:20 AM - Revo Uninstaller's restore point - XviD4PSP 5.0
RP27: 12/6/2010 6:49:36 AM - Revo Uninstaller's restore point - TitanTV Client components for ATI
RP28: 12/6/2010 6:49:55 AM - Removed TitanTV Client components for ATI
RP29: 12/6/2010 8:19:50 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP30: 12/6/2010 9:18:44 AM - avast! Free Antivirus Setup

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Acrobat 5.0
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.4.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
avast! Free Antivirus
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
CustomerResearchQFolder
DAO
Data Lifeguard Diagnostic for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
erLT
eSupportQFolder
GOM Player
GPBaseService
Haemo
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2158563)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Hyperdesk - Crysis Warhead
Hyperdesk - DarkMatter Gamma Ray
Hyperdesk - DarkMatter Solar Flare
Hyperdesk - DarkMatter Subspace
Hyperdesk - Sony Ericsson Onyx Series
Intel(R) Graphics Media Accelerator Driver
KhalInstallWrapper
LightScribe 1.4.31.1
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Mozilla Firefox (3.5.3)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
neroxml
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Revo Uninstaller 1.90
Royale Remixed Theme
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skins
SmartWebPrinting
SmnoduloTwe
SolutionCenter
SoundMAX
Sql Server Customer Experience Improvement Program
Status
Suite Specific
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
VCRedistSetup
VideoToolkit01
WD SmartWare
WebFldrs XP
WebReg
Windows Essentials Media Codec Pack 3.2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
WinRAR archiver
Zune
Zune Desktop Theme
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== Event Viewer Messages From Past Week ========

12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acledit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acctres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaaamon.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\a3d.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 4.12.1.2009.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\6to4svc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5935.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520850.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520437.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/3/2010 2:34:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682).
12/3/2010 2:25:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/3/2010 11:32:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
12/3/2010 11:32:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/2/2010 12:57:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/2/2010 10:57:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 11:41:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:45:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:37:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:35:46 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 1:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x254023f800+1'. It has stopped monitoring the volume.
11/30/2010 11:13:40 PM, error: Service Control Manager [7034] - The Hyperdesk Theme Enabler service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Bobbye · Dec 6, 2010

Welcome to TechSpot. I'll try to help determine the cause of the problem. I have some questions and comments:

1. There is extreme activity in the Restore Points on 12/6/2010> excess installing, followed by excess uninstalling. What is it you were trying to accomplish on that date?

2. Regarding you subject: "slow internet speed and download speed". Normally a malware infection isn't going to be the culprit for this-unless the system is heavily infested, which I do not see at this point. Have you contacted your ISP about this. because that should be where you start

3. The Combofix quarantine- which you already know your shouldn't have run the program-has one deletion that is usually from an infected flash drive. So if you are using one, stop. If will have to be disinfected.

4. Please don't use the Revo uninstaller or any other similar program while I am helping you.
While I review these logs, please run this scan:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the Active X control to install
Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
Click Scan
Wait for the scan to finish
Re-enable your Antivirus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

=======================================
Uninstall ComboFix and all Backups of the files it deleted

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2

Double click combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Query- Recovery Console image

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Click to expand...
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes it will open a text window. Please paste that log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

mmeck · Dec 6, 2010

I was removing old progams and ones i that i no longer us or like. When i use revo uninstaller it creates arestore point for every program that is removed. Also I recently had an issue with the passcore,mui driver, i installed a product from nero and it caused damage to one of the driver files for my HP printer, i had to unintsall the nero then uninstall the HP software and drivers then reinstall the HP stuff. I did not have the oringinal install disc so i had to download the set up exe from HP. i also had a ton of programs starting up during system start up.

I have not contacted my ISP There are 3 other PC's in the house that are doing just fine. What happened was that approx 2 - 3 weeks ago i left my PC on for about 24 hrs with having any use, i came home from work ans attempted to get on internet (Via Firefox, it could not load any pages and stated that the proxy settings had been changed or at least they may have been changed, Checked everything out and it seemed fine, checked IE and had the same issue no access., I i tried a system restore took it back a week or so an the issue seemed to be resolved i had access, but from that point on page loading has slowed emensly or sometimes the pages time out and i have to reload the tab, or they just sit continue trying to finish loading but all the info is on the page, The last issue that my download speed has dropped from 1.1, 1.2 mbits to max 250 - 300 kbits. After i did the system restore point i decided to run malware bytes, it picked up several trojans and infected files and deleted them, but everything stayed the same.no improvement, this moring when i found your site, i had already downloaded combo fix and ran it that's when the issue with the TDL3 rootkit came to light and combofix deleted several files., THe instructions in 8 step guide said to make sure my antivirus was up to date, so i attempted to updat AVIRA and all hell broke loose when i ried t install the update, it it wouldnt work, so i uninstalled it and decided to install AVAST, once i was done i ran a scan as directed and it deleted 2 trojans, if you wnat the scan i will be happy to post it.

Sorry about that combofix issue, wish i had found your site 1st., i will also be sure not to use revo nor any other tools unless you ask me to.

I was not able to run the eset scan through the browser, it told me to try IE i did it would not start kept getting timed out. downloaded it with firefox had to install and run it.

Here is the eset scan log:

C:\Documents and Settings\Owner\My Documents\Wondershare Video Converter Platinum v4.4.2\wondershare.video.converter.platinum.v4.4.2-patch.exe Win32/HackTool.Patcher.A application
C:\System Volume Information\_restore{C1046940-8BDF-4CCC-A657-F765E7554FF3}\RP30\A0004365.dll Win32/BHO.NWT trojan
C:\WINDOWS\Resources\Themes\Best_Vista_Theme_for_XP\VIPv3 (icon pack).exe Win32/PrcView application
E:\System Volume Information\_restore{C1046940-8BDF-4CCC-A657-F765E7554FF3}\RP30\A0004722.exe a variant of Win32/Injector.ASA trojan
E:\System Volume Information\_restore{C1046940-8BDF-4CCC-A657-F765E7554FF3}\RP30\A0004725.exe Win32/PrcView application

i just wanted to let you know that when i started combofix it sits idle for about 5 mins or so creates a new restore point the it states a root kit is detected it will not take long, it then says that combofix must reboot the machine, it does comes back on and then scans.

The name of the rootkit is :TDL3,

IT IS NOT MENTIONED ON THE COMBOFIX LOG FOR SOME REASON

Here is the combo Fix Log:

ComboFix 10-12-06.01 - Owner 12/06/2010 22:18:56.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1527 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-06 15:51 . 2010-12-06 15:51 -------- d-----w- c:\program files\Common Files\Java
2010-12-06 15:51 . 2010-12-06 15:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-06 15:50 . 2010-12-06 15:50 -------- d-----w- c:\program files\Java
2010-12-06 15:45 . 2010-12-06 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-12-06 15:38 . 2010-12-06 15:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-06 15:37 . 2010-12-06 15:37 -------- d-----w- c:\windows\system32\winrm
2010-12-06 15:37 . 2010-12-06 15:37 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-06 15:35 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-12-06 15:35 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-12-06 15:35 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-12-06 14:53 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 14:52 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-06 14:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-06 14:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-06 14:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-06 14:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-06 14:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-06 14:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-06 14:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 14:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-06 14:18 . 2010-12-06 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-06 11:44 . 2010-12-06 11:44 -------- d-----w- c:\program files\windows media components
2010-12-06 01:59 . 2010-12-06 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Common Files\HP
2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Hewlett-Packard
2010-12-06 01:57 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-12-06 01:57 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-12-06 01:57 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-12-04 05:29 . 2010-12-04 05:29 -------- d-----w- c:\documents and settings\Owner\Application Data\NeroDigital(TM)
2010-12-04 04:52 . 2010-12-04 07:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
2010-12-02 17:24 . 2010-12-02 17:24 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-12-02 17:24 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-12-02 17:24 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-12-02 17:24 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-12-02 17:24 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-12-02 17:24 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-12-02 17:24 . 2010-12-02 17:27 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-12-02 13:36 . 2010-12-02 13:36 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-12-02 13:36 . 2010-12-02 13:36 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-12-02 13:36 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-12-02 13:36 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-12-02 13:36 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-12-02 13:36 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-12-02 13:36 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-12-02 12:54 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-12-02 12:35 . 2010-12-02 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-12-02 12:33 . 2010-12-02 12:33 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-12-01 06:09 . 2010-12-06 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 11:10 . 2010-11-21 11:11 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-21 10:45 . 2010-11-21 10:47 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
2010-11-11 06:45 . 2010-11-11 06:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western_Digital
2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Western Digital
2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-11-07 07:30 . 2010-12-06 11:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 20:19 . 2010-09-24 20:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-24 19:11 . 2010-09-24 19:11 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 19:11 . 2010-09-24 19:11 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 19:11 . 2010-09-24 19:11 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 19:11 . 2010-09-24 19:11 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 19:11 . 2010-09-24 19:11 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 19:11 . 2010-09-24 19:11 796672 ----a-w- c:\windows\system32\drivers\UMDF\ZuneDriver.dll
2010-09-24 19:11 . 2010-09-24 19:11 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 19:11 . 2010-09-24 19:11 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 19:11 . 2010-09-24 19:11 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
2010-09-24 19:06 . 2010-09-24 19:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
2010-09-24 18:31 . 2009-08-17 20:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-18 19:23 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 16:41 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 16:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 19:10 . 2010-03-01 09:11 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-10 05:58 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-02 98304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-12-2 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 04:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IS360service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*

isabled:Windows Remote Management

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/6/2010 9:19 AM 165584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 4:30 PM 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/6/2010 9:19 AM 17744]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/7/2008 11:58 AM 102400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/17/2009 12:22 PM 10384]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 5:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 12:58 PM 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/29/2010 4:22 AM 101904]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/10/2010 3:23 AM 16512]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 12:05 PM 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 3:19 PM 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2/5/2010 7:35 PM 25704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{9390C314-8374-4CD6-AF61-569D83F00604}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-12-07 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-09-27 08:30]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\opensearch@ask.com
FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Extension: Office Black: Office2007Black@JBBS - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-hpqSRMon - (no file)

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\

[HKEY_USERS\S-1-5-21-1757981266-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-06 22:25:55
ComboFix-quarantined-files.txt 2010-12-07 03:25

Pre-Run: 125,850,677,248 bytes free
Post-Run: 125,843,144,704 bytes free

- - End Of File - - 50DEF7EAC1F5D60FC4E01013AAA03A63

Please note that my HP printer drivers are messing up again, it is saying that the needed file is not there and can not be found. this is the second time today, i have not even tried to print anything at all today

Bobbye · Dec 9, 2010

I'll go ahead and move these 2 files from the Eset scan, but when I ask for a log, I want a log- not entries from it. There is information available in log entries such as the date and time the scan was run. Sometimes, details such as that can make a difference in what I have you do.
There are only 2 active entries in Eset. System Volume is the restore point which I will have you remove at the end.

Please download OTMovit by Old Timer and save to your desktop.

Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

:Processes	
:Files  
C:\Documents and Settings\Owner\My Documents\Wondershare Video Converter Platinum v4.4.2\wondershare.video.converter.platinum.v4.4.2-patch.exe 
C:\WINDOWS\Resources\Themes\Best_Vista_Theme_for_XP\VIPv3 (icon pack).exe 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================================
You are slow because you have Firefox dragging around 35 extentions! I will have to give you the prize for having the most extensions I've even seen! This doesn't count the plug-ins, home page and search pages.

You are also slow because you have HP processes running that don't need to run. The Image Director should only load when you call it up to use.

it is saying that the needed file is not there

This is because you have the printer set to start on boot and a process it needs isn't running. The fix?? Take the printer and all the HP processes off of the Startup menu, including those for the HP Digital Imaging. The HP printer or all-in-one loads more processes than you can count and puts them all on the Startup Menu>>>>NONE<<<< need to be on Startup. When you want to print> Click on File> Priint. If the printer has been installed properly, it will start right up. I have the HP AIO. I have no HP processes loading on Boot, none on Strtup, no HP Service running.

This is the HP file your printer is looking for:

hpqSRMon.exe Related to HP digital imaging Related to HP digital imaging products. This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources.

I note you had a lot of activity on 12/6 and have to wonder why. You were alredy having a problem with the system- why add more to it?
========================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:[Be sure to scroll down to include ALL lines.

Code:

File::
d:\pcicon.sys
c:\windows\TEMP\drv1.tmp
c:\windows\sed.exe
c:\windows\MBR.exe
c:\windows\PEV.exe
c:\windows\SWREG.exe

DDS::
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Folder::
c:\windows\system32\winrm

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IS360service"=-
HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1757981266-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
Driver::
PciCon

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Folloiw with Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

Extract it to a directory on your hard drive called c:\HijackThis.
Then navigate to that directory and double-click on the hijackthis.exe file.
When started click on the Scan button and then the Save Log button to create a log of your information.
The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

mmeck · Dec 9, 2010

here r the logs you requested.

note: when i ran the script in combofix it starts it is still saying it detects a rootkit TDL3 it does a system reboot then restarts and begins the run combofix scan i then get an error message saying that 4 of the items are part of combofix and that the script will not be processed, it continues on with the the scan and generates a report.

All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\Documents and Settings\Owner\My Documents\Wondershare Video Converter Platinum v4.4.2\wondershare.video.converter.platinum.v4.4.2-patch.exe not found.
File/Folder C:\WINDOWS\Resources\Themes\Best_Vista_Theme_for_XP\VIPv3 (icon pack).exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.MARKSOPT-PRAJGD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner
->Temp folder emptied: 1806 bytes
->Temporary Internet Files folder emptied: 98438 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56540188 bytes
->Flash cache emptied: 1661 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71698 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 12092010_190309

Files moved on Reboot...
File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

ComboFix 10-12-08.04 - Owner 12/09/2010 19:53:06.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1539 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 00:03 . 2010-12-10 00:03 -------- d-----w- C:\_OTM
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2010-12-06 15:51 . 2010-12-06 15:51 -------- d-----w- c:\program files\Common Files\Java
2010-12-06 15:51 . 2010-12-06 15:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-06 15:51 . 2010-12-06 15:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-06 15:50 . 2010-12-06 15:50 -------- d-----w- c:\program files\Java
2010-12-06 15:45 . 2010-12-06 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-12-06 15:38 . 2010-12-06 15:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-06 15:37 . 2010-12-06 15:37 -------- d-----w- c:\windows\system32\winrm
2010-12-06 15:37 . 2010-12-06 15:37 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2010-12-06 15:36 . 2010-12-07 04:58 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-06 15:36 . 2010-12-06 15:36 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-06 15:35 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-12-06 15:35 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-12-06 15:35 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-12-06 14:53 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 14:52 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-06 14:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-06 14:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-06 14:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-06 14:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-06 14:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-06 14:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-06 14:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 14:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-06 14:18 . 2010-12-06 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-06 11:44 . 2010-12-06 11:44 -------- d-----w- c:\program files\windows media components
2010-12-06 01:59 . 2010-12-06 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Common Files\HP
2010-12-06 01:58 . 2010-12-06 01:58 -------- d-----w- c:\program files\Hewlett-Packard
2010-12-06 01:57 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-12-06 01:57 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-12-06 01:57 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-12-04 05:29 . 2010-12-04 05:29 -------- d-----w- c:\documents and settings\Owner\Application Data\NeroDigital(TM)
2010-12-04 04:52 . 2010-12-04 07:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
2010-12-02 17:24 . 2010-12-02 17:24 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-12-02 17:24 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-12-02 17:24 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-12-02 17:24 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-12-02 17:24 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-12-02 17:24 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-12-02 17:24 . 2010-12-02 17:27 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-12-02 13:36 . 2010-12-02 13:36 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-12-02 13:36 . 2010-12-02 13:36 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-12-02 13:36 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-12-02 13:36 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-12-02 13:36 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-12-02 13:36 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-12-02 13:36 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-12-02 12:54 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-12-02 12:35 . 2010-12-02 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-12-02 12:33 . 2010-12-02 12:33 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-12-01 06:09 . 2010-12-06 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 11:10 . 2010-11-21 11:11 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-21 10:45 . 2010-11-21 10:47 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
2010-11-11 06:45 . 2010-11-11 06:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western_Digital
2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Western Digital
2010-11-11 06:44 . 2010-11-11 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 20:19 . 2010-09-24 20:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-24 19:11 . 2010-09-24 19:11 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 19:11 . 2010-09-24 19:11 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 19:11 . 2010-09-24 19:11 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 19:11 . 2010-09-24 19:11 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 19:11 . 2010-09-24 19:11 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 19:11 . 2010-09-24 19:11 796672 ----a-w- c:\windows\system32\drivers\UMDF\ZuneDriver.dll
2010-09-24 19:11 . 2010-09-24 19:11 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 19:11 . 2010-09-24 19:11 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 19:11 . 2010-09-24 19:11 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
2010-09-24 19:06 . 2010-09-24 19:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
2010-09-24 18:31 . 2009-08-17 20:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-18 19:23 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 16:41 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 16:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 19:10 . 2010-03-01 09:11 24576 ----a-w- c:\windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-10_00.40.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 00:50 . 2010-12-10 00:50 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-02 98304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-12-2 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 04:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IS360service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*

isabled:Windows Remote Management

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/6/2010 9:19 AM 165584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 4:30 PM 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/6/2010 9:19 AM 17744]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/7/2008 11:58 AM 102400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/17/2009 12:22 PM 10384]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 5:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 12:58 PM 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/29/2010 4:22 AM 101904]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/10/2010 3:23 AM 16512]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 12:05 PM 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 3:19 PM 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2/5/2010 7:34 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2/5/2010 7:35 PM 25704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{9390C314-8374-4CD6-AF61-569D83F00604}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-12-10 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-09-27 08:30]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\opensearch@ask.com
FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Extension: Office Black: Office2007Black@JBBS - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,51,66,48,d2,f5,2f,4e,a2,aa,ae,\

[HKEY_USERS\S-1-5-21-1757981266-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-09 19:59:58
ComboFix-quarantined-files.txt 2010-12-10 00:59

Pre-Run: 120,570,195,968 bytes free
Post-Run: 120,554,233,856 bytes free

- - End Of File - - 1E545A483E34266BB421B967F40DDEDD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:20 PM, on 12/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 8483 bytes

mmeck · Dec 12, 2010

Bump no reply in 3 days

Bobbye · Dec 14, 2010

Sorry, I was out of town.
Please print this list. You will need to refer to it.

Please reopen HijackThis to ;'do system scan only.' Check each of the following, if present: Note: None of these are malware. But they do not need to be running unless you're actively using the program. None of them need to start on boot and none of the Services need to be set to Automatic

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Close all open Windows except HijackThis and click on "Fix Checked."

Boot into Safe Mode

Restart your computer and start pressing the F8 key on your keyboard.
Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start> Run> type in services.msc> double click on the Services shows in each 023 entry and set thee Startup Type to Manual

Use the msconfig utility to uncheck the corresponding processes on the Startup Menu:
Uncheck all processes related to entries in the HJT log that you check to remove or stop,
To remove entries from Startup using the msconfig utility:

Click on Start> Run> type in msconfig> enter>
Click on Selective Startup
Choose the Startup tab:
This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
Click on Apply> OK when finished.

When finished, boot into Normal Mode.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changed. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

Review the extensions you have on Firefox. Remove some for added speed.
Update the Adobe Reader to v9.xx> Visit this Adobe Reader site Uninstall v7 as it is a vulnerabilities.

Inactive Possible virus is causing slow internet speed and download speed

mmeck

mmeck

Bobbye

Posts: 16,313 +36

mmeck

Bobbye

Posts: 16,313 +36

mmeck

mmeck

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts