Solved Email sending spam to contacts

stroslose

Thank you for taking the time to investigate. My Hotmail email account is sending spam email to all of my contacts. I have changed the password. I was wondering if there still appears to be malware or some sort of virus on my computer. I have posted the requested logs from the 8 step process. AVG runs clean.

Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5648

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/31/2011 11:58:34 AM
mbam-log-2011-01-31 (11-58-34).txt

Scan type: Quick scan
Objects scanned: 167584
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

====================================================
GMER log found nothing

====================================================
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Breitzig Family at 14:04:32.01 on Mon 01/31/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6058 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Security Suite\AddOns\Norton AddOn Pack\Engine\4.7.0.10\ccProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Breitzig Family\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uWindow Title = Windows Internet Explorer provided by Comcast
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TBSB05974: {fcbccb87-9224-4b8d-b117-f56d924beb18} - TBSB05974 Class
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRunOnce-x64: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\BREITZ~1\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Breitzig Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - C:\Program Files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Breitzig Family\AppData\Roaming\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-1-20 69152]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-10-26 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-10-26 221232]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-19 953904]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-10-26 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSviA64.sys [2011-1-28 476792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-10-26 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-10-26 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42:36];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-11-7 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-5 203264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-5-12 192512]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1402272]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-20 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-5 988216]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-5 399416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-5-7 1403208]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-8 7767552]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-8 279040]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-8 132656]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-11-21 21480]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-25 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-31 16:31:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-30 13:30:13 -------- d-----w- C:\VundoFix Backups
2011-01-30 03:24:08 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\AVG
2011-01-30 01:19:50 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\AVG10
2011-01-30 01:18:24 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-01-30 01:17:02 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-01-30 01:17:02 -------- d-----w- C:\PROGRA~3\AVG10
2011-01-30 01:15:38 -------- d-----w- C:\Program Files (x86)\AVG
2011-01-28 20:23:49 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{44B0AD94-59A0-420A-A6BE-0B613342E49D}\mpengine.dll
2011-01-28 02:32:57 -------- d-----w- C:\Program Files\iTunes
2011-01-28 02:32:57 -------- d-----w- C:\Program Files\iPod
2011-01-28 02:32:57 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-20 21:20:53 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2011-01-20 20:56:33 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-01-20 20:56:30 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-01-20 20:49:23 -------- d-----w- C:\Users\BREITZ~1\AppData\Local\Sunbelt Software
2011-01-20 20:39:23 -------- dc-h--w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-20 20:39:17 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-01-20 20:07:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-01-20 20:07:15 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-01-20 19:42:38 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\QuickScan
2011-01-19 22:00:49 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-01-19 19:43:05 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\SanDisk
2011-01-18 21:08:49 -------- d--h--w- C:\Windows\AxInstSV
2011-01-17 21:05:39 -------- d-----w- C:\Users\BREITZ~1\AppData\Local\Amazon
2011-01-13 16:26:52 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-01-11 00:49:35 -------- d-----w- C:\Users\BREITZ~1\AppData\Roaming\Registry Mechanic
2011-01-08 13:34:04 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-01-08 13:33:52 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-01-08 13:33:48 151776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-01-08 13:33:31 100352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-08 13:18:42 -------- d-----w- C:\Users\BREITZ~1\AppData\Local\Secunia PSI
2011-01-08 13:18:33 -------- d-----w- C:\Program Files (x86)\Secunia

==================== Find3M ====================

2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-08 09:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-12-01 14:42:47 724992 ----a-w- C:\Windows\iun6002.exe
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-29 11:31:18 1579520 ----a-w- C:\Windows\System32\drivers\athrx.sys
2010-11-12 23:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-12 18:19:38 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 14:05:23.10 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2009 10:14:44 PM
System Uptime: 1/31/2011 1:40:45 PM (1 hours ago)

Motherboard: PEGATRON CORPORATION | | VIOLET3
Processor: AMD Phenom(tm) II X4 910 Processor | CPU 1 | 2600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 918 GiB total, 506.659 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.66 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP282: 12/10/2010 6:39:02 AM - Windows Update
RP283: 12/10/2010 7:38:10 PM - Windows Update
RP284: 12/13/2010 10:10:32 PM - HPSF Restore Point
RP285: 12/14/2010 6:45:50 AM - Windows Update
RP286: 12/14/2010 8:14:17 AM - Installed QuickTime
RP287: 12/15/2010 10:28:54 PM - Windows Update
RP288: 12/17/2010 6:22:26 AM - Windows Update
RP289: 12/19/2010 6:19:37 PM - HPSF Applying updates
RP290: 12/19/2010 6:24:52 PM - Installed HP Support Assistant
RP291: 12/19/2010 6:29:20 PM - Windows Modules Installer
RP292: 12/19/2010 6:30:28 PM - Windows Modules Installer
RP293: 12/20/2010 11:46:06 PM - Windows Update
RP294: 12/21/2010 6:44:07 AM - Windows Update
RP295: 12/23/2010 5:09:57 PM - Windows Update
RP296: 12/25/2010 1:08:10 PM - Windows Update
RP297: 12/26/2010 12:24:06 PM - Windows Backup
RP298: 12/28/2010 6:30:18 AM - Windows Update
RP299: 12/30/2010 6:57:07 AM - Windows Update
RP300: 12/31/2010 6:44:10 AM - Windows Update
RP301: 1/2/2011 7:02:54 PM - Windows Backup
RP302: 1/3/2011 2:16:30 PM - Installed Java(TM) 6 Update 23
RP303: 1/4/2011 7:31:39 AM - Windows Update
RP304: 1/7/2011 7:28:26 AM - Windows Update
RP305: 1/9/2011 7:00:29 PM - Windows Backup
RP306: 1/11/2011 6:34:58 AM - Windows Update
RP307: 1/12/2011 8:48:02 PM - Windows Update
RP308: 1/14/2011 6:49:36 AM - Windows Update
RP309: 1/18/2011 9:14:44 AM - Windows Update
RP310: 1/18/2011 4:11:58 PM - Windows Update
RP311: 1/21/2011 6:43:41 AM - Windows Update
RP312: 1/27/2011 5:19:42 PM - Windows Update
RP313: 1/28/2011 3:19:58 PM - Windows Update
RP314: 1/29/2011 8:14:38 PM - Installed AVG 2011
RP315: 1/29/2011 8:15:57 PM - Installed AVG 2011
RP316: 1/30/2011 7:00:44 PM - Windows Backup

==== Installed Programs ======================


µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.4.1 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Creative Suite 4 Deployment Toolkit
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader X
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 9.12
Baseball Mogul 2011
Bejeweled 2 Deluxe
Brother MFL-Pro Suite
Camtasia Studio 6
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ChemLab
Cisco Network Magic
Comcast High-Speed Internet Install Wizard
Company of Heroes Online Launcher (THQ)
Compatibility Pack for the 2007 Office system
Connect
CyberLink DVD Suite Deluxe
D3DX10
DAZ|Studio 1.4.16.0
Default Manager
Desktop Doctor
DirectX for Managed Code Update (Summer 2004)
Dragon Age: Origins
dvdSanta 4.50
Enhanced Multimedia Keyboard Solution
erLT
ExtractNow
Facebook Plug-In
Family Tree Maker 2009
FileHippo.com Update Checker
Google Earth
Google Update Helper
GPL Ghostscript 8.63
Graphical Analysis 3.2 Minimal
HijackThis 2.0.2
Hoyle Casino 2010 (remove only)
Hoyle Puzzle & Board Games 2010 (remove only)
HP Advisor
HP Customer Experience Enhancements
HP Easy Backup
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Remote Solution
HP Support Assistant
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HydraVision
iSEEK AnswerWorks English Runtime
IZArc 4.1.2
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Kings Bounty Armored Princess
kuler
LabelPrint
LameACM
LEGO Digital Designer
LightScribe System Software
Major League Baseball 2K9
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft WSE 3.0
Move Media Player
MozBackup 1.4.9
Mozilla Firefox (3.6.13)
MP3+G Toolz
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network Magic
No Trace 2.15
Norton AddOn Pack
Norton Security Suite
NVIDIA PhysX
Oblivion
Pando Media Booster
PC Wizard 2010.1.96
PCSX2 - Playstation 2 Emulator
Photoshop Camera Raw
PictureMover
Power2Go
PowerDirector
PowerISO
Pure Networks Platform
Python 2.6.1
QuickBooks Pro 2007
Quicken WillMaker Plus 2009
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
Rosetta Stone V3
Runtime
Secunia PSI (2.0.0.2001)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SolSuite 2009 v9.5
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Spybot - Search & Destroy
SpywareBlaster 4.4
StarCraft II Beta
Suite Shared Configuration CS4
SupportSoft Assisted Service
Timez Attack
Total Video Converter 3.71 100812
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
TurboTax 2009
TurboTax 2009 wflcbpm
TurboTax 2009 wfliper
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax Business 2009
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Upload Tool
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
Works Upgrade
World of Warcraft
Yahoo! BrowserPlus 2.9.8

==== Event Viewer Messages From Past Week ========

1/31/2011 7:08:01 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
1/31/2011 10:04:18 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
1/31/2011 1:55:36 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
1/31/2011 1:51:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS sptd
1/31/2011 1:51:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
1/31/2011 1:51:19 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/31/2011 1:40:46 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/31/2011 1:38:29 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/30/2011 7:44:49 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 7:44:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/30/2011 7:44:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2011 7:44:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2011 7:44:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/30/2011 7:44:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2011 7:44:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/30/2011 7:44:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AFS Avgldx64 Avgmfx64 Avgtdia BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd SRTSP SRTSPX SymIM SymIRON SYMTDIv Tcpip tdx vwififlt Wanarpv6 WfpLwf
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:05 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 7:44:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2011 9:32:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
1/27/2011 9:31:17 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 9:31:01 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


Thank you!
Scott
 
Welcome back, Scott! I see Broni did a good job of cleaning the system up a few months ago.

About web-based email (in your case, Hotmail): you can't have email filters in place like you can with a client-based email program such as Outlook Express. So you are at the mercy of whatever filters the ISP may or may not have in place. I see a lot of complaints about Hotmail being hacked.

What you need to understand is that someone else who has your email address in their contacts could be the culprit: a mass-mailing worm that sends the spam to everyone in their contacts! But we will check your system and make sure it's clean first.
===============================================
I notice that you have multiple antivirus programs running. You should decide which you want to keep and remove the others for the following reasons:
  • Multiple antivirus programs and/or firewalls can cause conflicts that may leave the system more vulnerable.
  • Multiple antivirus and firewalls can also slow down the system.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
AV: Norton Security Suite *Disabled/Updated*
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated*
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
So the first thing you need to do is decide which to keep and remove the others:
Tools to help: download only the removal for the programs you aren't going to keep. Please reboot the computer when finished.
========================================
While I finish reviewing these logs, please run the following:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
====================================
Please download ComboFix from Here and save to your Desktop.

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in your next reply.
Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
I notice that you have both AdAware AdWatch and Spybot Tea Timer running. Both of these run in Real Time and there is much overlap in what they do. To avoid a conflict that could make the system more vulnerable, I suggest you disable one of them.

I'd like you to run the following also:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Having a lot of programs that do the same thing isn't as good as having layered security.
==============================================
After I check for malware, I will be suggesting you remove some of the programs and apps from the Startup menu. This will not uninstall the programs. I see many processes that don't need to start on boot and run in the background.
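
The AV:/SP:/FW: header lines that DDS and ComboFix print can be tallied mechanically to see, per category, which products are registered and which are actually enabled. This is an added example, not part of the original posts or of either tool; the function names are hypothetical, and the sample lines are copied from the DDS header posted earlier in this thread plus the FW line quoted in the reply above.

```python
import re
from collections import defaultdict

# Header line format seen in this thread's DDS/ComboFix logs, e.g.
#   AV: Norton Security Suite *Disabled/Updated* {88C95A36-...}
#   FW: Norton Security Suite *Enabled* {B0F2DB13-...}
# The GUID is optional and may be cut off when someone quotes the line by hand.
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<defs>\w+))?\*"
    r"(?:\s+\{(?P<guid>[0-9A-Fa-f-]*)\}?)?\s*$"
)

KIND_LABELS = {"AV": "antivirus", "SP": "antispyware", "FW": "firewall"}

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_HEADER = """\
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
"""


def parse_security_products(log_text):
    """Return one dict per AV:/SP:/FW: line found in a pasted log."""
    products = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # any other log line is ignored
        products.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "enabled": m.group("state") == "Enabled",
            "definitions": m.group("defs"),      # None for firewall lines
            "guid": m.group("guid") or None,     # None if missing or cut off
        })
    return products


def overlap_report(products):
    """Group products by category and flag categories holding more than one."""
    by_kind = defaultdict(list)
    for p in products:
        by_kind[p["kind"]].append(p)

    report = {}
    for kind, items in by_kind.items():
        registered = sorted({p["name"] for p in items})
        enabled = sorted({p["name"] for p in items if p["enabled"]})
        report[kind] = {
            "registered": registered,
            "enabled": enabled,
            "multiple_registered": len(registered) > 1,
            "multiple_enabled": len(enabled) > 1,
        }
    return report


def format_report(report):
    """Render the report as short text lines for a reply or a ticket."""
    lines = []
    for kind in ("AV", "SP", "FW"):
        if kind not in report:
            continue
        entry = report[kind]
        flag = " <-- more than one installed" if entry["multiple_registered"] else ""
        lines.append("%s: %d registered, %d enabled%s" % (
            KIND_LABELS[kind], len(entry["registered"]), len(entry["enabled"]), flag))
        for name in entry["registered"]:
            state = "enabled" if name in entry["enabled"] else "disabled"
            lines.append("    %s (%s)" % (name, state))
    return lines


if __name__ == "__main__":
    for line in format_report(overlap_report(parse_security_products(SAMPLE_HEADER))):
        print(line)
```

On the sample header this reports three registered antivirus products with only one enabled, which separates "installed side by side" from "running side by side" when deciding what to uninstall.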
 
Thank you Bobbye! Which AV program is recommended, Norton or AVG? I get Norton free through Comcast and have the free version of AVG.
 
Eset scan log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0f4bd93be59df9469d662c3a37ce13f9
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-31 10:36:16
# local_time=2011-01-31 05:36:16 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777214 0 1 0 0 0 0
# compatibility_mode=3589 16777213 80 82 4396004 59785182 0 0
# compatibility_mode=5893 16776574 100 94 0 48050337 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=383463
# found=0
# cleaned=0
# scan_time=6489
 
ComboFix Log:

ComboFix 11-01-31.01 - Breitzig Family 01/31/2011 18:03:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.5894 [GMT -5:00]
Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\basis.xml
c:\program files (x86)\Search Toolbar\bg.bmp
c:\program files (x86)\Search Toolbar\bing_logo.png
c:\program files (x86)\Search Toolbar\celebrity.png
c:\program files (x86)\Search Toolbar\drop_images.png
c:\program files (x86)\Search Toolbar\drop_maps.png
c:\program files (x86)\Search Toolbar\drop_news.png
c:\program files (x86)\Search Toolbar\drop_videos.png
c:\program files (x86)\Search Toolbar\drop_web.png
c:\program files (x86)\Search Toolbar\facebook.png
c:\program files (x86)\Search Toolbar\favicon.png
c:\program files (x86)\Search Toolbar\games.png
c:\program files (x86)\Search Toolbar\hotmail.png
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\images.png
c:\program files (x86)\Search Toolbar\include.xml
c:\program files (x86)\Search Toolbar\info.txt
c:\program files (x86)\Search Toolbar\lifestyle.png
c:\program files (x86)\Search Toolbar\maps.png
c:\program files (x86)\Search Toolbar\messenger.png
c:\program files (x86)\Search Toolbar\msn.png
c:\program files (x86)\Search Toolbar\news.png
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\twitter.png
c:\program files (x86)\Search Toolbar\uninstall.exe
c:\program files (x86)\Search Toolbar\update.exe
c:\program files (x86)\Search Toolbar\version.txt
c:\program files (x86)\Search Toolbar\video.png
c:\program files (x86)\Search Toolbar\videos.png
c:\program files (x86)\Search Toolbar\weather.png
c:\program files (x86)\Search Toolbar\web.png

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-31 23:09 . 2011-01-31 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-31 20:42 . 2011-01-31 20:42 -------- d-----w- c:\program files (x86)\ESET
2011-01-31 16:31 . 2011-01-31 16:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-30 13:30 . 2011-01-30 13:30 -------- d-----w- C:\VundoFix Backups
2011-01-30 03:24 . 2011-01-30 03:24 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\AVG
2011-01-30 01:17 . 2011-01-31 20:32 -------- d-----w- c:\programdata\AVG10
2011-01-30 01:15 . 2011-01-30 03:24 -------- d-----w- c:\program files (x86)\AVG
2011-01-28 20:23 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44B0AD94-59A0-420A-A6BE-0B613342E49D}\mpengine.dll
2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files\iTunes
2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files (x86)\iTunes
2011-01-28 02:32 . 2011-01-28 02:32 -------- d-----w- c:\program files\iPod
2011-01-20 21:20 . 2011-01-20 20:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-01-20 20:56 . 2010-12-03 09:05 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-20 20:56 . 2011-01-20 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 20:49 . 2011-01-20 20:49 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Sunbelt Software
2011-01-20 20:39 . 2011-01-20 20:39 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-20 20:39 . 2011-01-20 20:56 -------- d-----w- c:\programdata\Lavasoft
2011-01-20 20:39 . 2011-01-20 20:39 -------- d-----w- c:\program files (x86)\Lavasoft
2011-01-20 20:07 . 2011-01-31 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-20 20:07 . 2011-01-20 20:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-01-20 19:42 . 2011-01-31 13:08 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\QuickScan
2011-01-19 22:00 . 2011-01-19 22:04 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-01-19 19:43 . 2011-01-19 19:43 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\SanDisk
2011-01-18 21:08 . 2011-01-18 21:09 -------- d--h--w- c:\windows\AxInstSV
2011-01-17 21:05 . 2011-01-17 21:05 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Amazon
2011-01-13 16:26 . 2011-01-13 16:26 -------- d-----w- c:\programdata\!SASCORE
2011-01-11 00:49 . 2011-01-11 00:49 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic
2011-01-08 13:34 . 2011-01-08 13:34 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-01-08 13:33 . 2011-01-08 13:33 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-01-08 13:33 . 2011-01-08 13:33 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\real
2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Secunia PSI
2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\program files (x86)\Secunia
2011-01-08 00:23 . 2011-01-08 00:23 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-07-06 02:13 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-09-07 01:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 14:42 . 2010-03-21 21:02 724992 ----a-w- c:\windows\iun6002.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-29 11:31 . 2010-11-29 11:31 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
2010-11-12 23:53 . 2010-10-10 05:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-15 23:56 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 23:56 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 23:56 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 23:56 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 23:56 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 23:56 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
"KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"WinPatrol"=c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

R0 AFS;AFS; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-01-20 1402272]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2009-10-15 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSvia64.sys [2010-11-09 476792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-11 132656]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


--- Other Services/Drivers In Memory ---

*Deregistered* - Lavasoft Kernexplorer
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

2011-01-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-12 01:17]

2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - c:\program files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Breitzig Family\AppData\Roaming\Move Networks
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-31 18:12:07
ComboFix-quarantined-files.txt 2011-01-31 23:12

Pre-Run: 543,273,193,472 bytes free
Post-Run: 544,011,923,456 bytes free

- - End Of File - - A749118318B20B23D380ADD9637311C1
 
Results of screen317's Security Check version 0.99.8
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kings Bounty Armored Princess
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
MVPS Hosts File
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 23
Adobe Flash Player 10.1.102.64
Adobe Reader X
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe is disabled!
Spybot Teatimer.exe is disabled!
``````````End of Log````````````
 
Thank you Bobbye! Which AV program is recommended? Norton or AVG. I get Norton free through Comcast and have the free version of AVG.
There are other options and I would recommend either of them instead. All of the following are free:

Have layered security:
  • Antivirus software (only one): Both of the following programs are free and known to be good:
    • Avira Free
    • Avast Home
  • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
    • Comodo
    • Zone Alarm
  • Antispyware: I recommend all of the following:
    • SpywareBlaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.

I see all these running:
  • Secunia>> leave
  • Registry Mechanic> uninstall. Most of us don't recommend using a Registry Cleaner
  • TuneUp Utilities> use with care. Don't renew as you can do most yourself
  • AVG 2010>> uninstall>> replace with either Avira or Avast
  • Norton Security> uninstall when subscription is up
  • Windows Defender> Okay to leave
  • Spybot and TT> Keep Spybot, don't run TeaTimer.
  • AdAware and AW> keep till expired, then uninstall. Don't run AdWatch
  • Desktop Doctor> from PCTools>> by Comcast. Troubleshoots connection problems. Useless to run unless you have frequent connection problems
  • Norton AddOn Pack>> Anti-spam - Parental Control - Ad Blocker | Norton Online Family>> things you can set yourself or use free in your browser.
  • Windows Firewall Enabled! > stop if you're going to run another software firewall.
  • µTorrent>> File sharing>> straight road to malware
  • Acrobat.com>> useless
  • Adobe Service Manager Extension>> It is used to install and manage extensions associated with various Adobe programs. Most likely a totally useless process.
  • Adobe Setup>> should have been removed when program was installed.
  • HijackThis 2.0.2> Outdated> uninstall. I'll have you run later, with link for new version.

I see 3 separate installs for these:
  1. Cisco Network Magic
  2. Pure Networks Platform
  3. Network Magic

Network Magic originally came from Pure Networks. Cisco bought NM out, so I think you have some duplication with all three of these installed:
NOTE: there will be either 3 or 4 processes on startup for this that need to start on boot.

Mbam is clean, GMER is clean, Eset scan is clean
======================================
Handle the above and then I'll go over the Combofix log with script
 
Thank you Bobbye,

# Secunia>> leave
# Registry Mechanic> could not find, only found a txt log file.
# TuneUp Utilities> won't renew
# AVG 2010>> uninstalled and replaced with Avira
# Norton Security> uninstalled
# Windows Defender> Okay to leave
# Spybot and TT> Turned off TT
# AdAware and AW> uninstalled
# Desktop Doctor> from PCTools>> uninstalled with Norton
# Norton AddOn Pack>> uninstalled
# Windows Firewall Enabled! > stopped - installed Zone Alarm
# µTorrent>> File sharing>> uninstalled
# Acrobat.com>> uninstalled
# Adobe Service Manager Extension>> No longer running under processes.
# HijackThis 2.0.2> Outdated> uninstalled
 
Very good! If everyone followed my suggestions as well as you, I might find myself out of my volunteer job! You might like to know that I have or had some of the programs I suggested you remove or modify. I gave you the suggestions I, myself, followed.
========================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\iun6002.exe
c:\program files\PeerBlock\pbfilter.sys

Folder::
C:\VundoFix Backups
c:\users\Breitzig Family\AppData\Roaming\AVG
c:\programdata\AVG10
c:\program files (x86)\AVG
c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ddoctorv2"=-

Driver::
AFS
pbfilter

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
=====================================
Finding the following is a matter of concern:
c:\windows\iun6002.exe>> iun6002.exe is a Spyware.DsktopSurveil. Spyware.DsktopSurveil must be manually installed. Spyware.DsktopSurveil logs keystrokes, program use, and captures screenshots. It can run in hidden mode.
iun6002.exe monitors user Internet activity and private information. It sends stolen data to a hacker site.

You or someone else would have purposely installed this program. Were you aware of it? Did you install it? Did anyone else have access to the computer? It is possible that your email password might have been found through this source.
======================================
Remove outdated Java plugin files from the Firefox plugins folder:
Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
3. Select each Java plugin listed to make sure that all are enabled.
4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
5. Java plugin files that do not match your current version mean that the Firefox plugins folder contains outdated Java plugin files, which should be removed. This folder is typically in the following location: Use Windows Explorer to access> My Computer> Local Drive> Programs>>>
C:\Program Files\Mozilla Firefox\plugins
Java files from older versions in the Firefox plugins folder can prevent Java from running.
While you are in this section, I recommend you remove the following extensions also:
FF - Ext: Dr.Web anti-virus link checker:
FF - Ext: BitDefender QuickScan
FF - Ext: Norton IPS
FF - Ext: Norton Toolbar

===============================
Please go on to next reply when finished.
 
After running the Combofix script, go on to this:

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
When we have finished, I will direct you to finding and deleting the program folders for any programs or apps you uninstalled.
 
Thanks Bobbye I appreciate your advice. I try to keep this computer as clean as possible, but I have a teen and a wife that click links before they read. Here is the

I have removed outdated Java plug-ins, and suggested FF extensions.

I am not sure how iun6002 was installed. Glad you found it though.

=================================================================

ComboFix log:

ComboFix 11-01-31.02 - Breitzig Family 02/01/2011 13:52:20.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6726 [GMT -5:00]
Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Breitzig Family\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files\PeerBlock\pbfilter.sys"
"c:\windows\iun6002.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\AVG
c:\programdata\AVG10
c:\users\Breitzig Family\AppData\Roaming\AVG
c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic
c:\users\Breitzig Family\AppData\Roaming\Registry Mechanic\SystemReport.txt
C:\VundoFix Backups
c:\windows\iun6002.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PBFILTER
-------\Service_AFS
-------\Service_pbfilter


((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-02-01 18:58 . 2011-02-01 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-01 14:02 . 2011-02-01 14:02 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\CheckPoint
2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files (x86)\Conduit
2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files\CheckPoint
2011-02-01 13:59 . 2011-02-01 13:59 -------- d-----w- c:\programdata\CheckPoint
2011-02-01 13:59 . 2011-02-01 19:00 -------- d-----w- c:\windows\Internet Logs
2011-02-01 13:58 . 2011-02-01 13:58 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Avira
2011-02-01 13:54 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-01 13:54 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\programdata\Avira
2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\program files (x86)\Avira
2011-01-31 16:31 . 2011-01-31 16:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-30 01:19 . 2011-01-30 01:19 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\AVG10
2011-01-28 20:23 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44B0AD94-59A0-420A-A6BE-0B613342E49D}\mpengine.dll
2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files\iTunes
2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files (x86)\iTunes
2011-01-28 02:32 . 2011-01-28 02:32 -------- d-----w- c:\program files\iPod
2011-01-20 20:56 . 2011-01-20 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 20:49 . 2011-01-20 20:49 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Sunbelt Software
2011-01-20 20:39 . 2011-02-01 13:00 -------- d-----w- c:\programdata\Lavasoft
2011-01-20 20:07 . 2011-01-31 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-20 20:07 . 2011-01-20 20:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-01-20 19:42 . 2011-01-31 13:08 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\QuickScan
2011-01-19 22:00 . 2011-02-01 13:03 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-01-19 19:43 . 2011-01-19 19:43 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\SanDisk
2011-01-18 21:08 . 2011-01-18 21:09 -------- d--h--w- c:\windows\AxInstSV
2011-01-17 21:05 . 2011-01-17 21:05 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Amazon
2011-01-13 16:26 . 2011-01-13 16:26 -------- d-----w- c:\programdata\!SASCORE
2011-01-08 13:34 . 2011-01-08 13:34 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-01-08 13:33 . 2011-01-08 13:33 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-01-08 13:33 . 2011-01-08 13:33 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\real
2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Secunia PSI
2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\program files (x86)\Secunia
2011-01-08 00:23 . 2011-01-08 00:23 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-07-06 02:13 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-09-07 01:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-29 11:31 . 2010-11-29 11:31 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
2010-11-12 23:53 . 2010-10-10 05:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-15 23:56 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 23:56 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 23:56 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 23:56 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 23:56 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 23:56 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 23:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.

((((((((((((((((((((((((((((( SnapShot@2011-01-31_23.10.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-01 14:01 . 2010-11-16 22:45 99328 c:\windows\SysWOW64\ZoneLabs\zlquarantine.dll
+ 2011-02-01 14:01 . 2010-11-16 22:46 70656 c:\windows\SysWOW64\ZoneLabs\zatray.exe
+ 2011-02-01 14:00 . 2010-11-16 22:46 21504 c:\windows\SysWOW64\ZoneLabs\lib\zsys.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 14336 c:\windows\SysWOW64\ZoneLabs\lib\zmenu.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 48640 c:\windows\SysWOW64\ZoneLabs\lib\zfde.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 85504 c:\windows\SysWOW64\ZoneLabs\lib\ZAlert.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 37376 c:\windows\SysWOW64\ZoneLabs\lib\UpdateUI.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1488.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1487.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1486.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 20992 c:\windows\SysWOW64\ZoneLabs\lib\oem_1466.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 12800 c:\windows\SysWOW64\ZoneLabs\lib\oem_1460.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 10240 c:\windows\SysWOW64\ZoneLabs\lib\oem_1454.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 11264 c:\windows\SysWOW64\ZoneLabs\lib\oem_1445.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 14336 c:\windows\SysWOW64\ZoneLabs\lib\oem_1440.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 12288 c:\windows\SysWOW64\ZoneLabs\lib\oem_1413.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 11264 c:\windows\SysWOW64\ZoneLabs\lib\oem_1010.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 29184 c:\windows\SysWOW64\ZoneLabs\lib\NavBar.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 13312 c:\windows\SysWOW64\ZoneLabs\lib\MainLoop.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 35840 c:\windows\SysWOW64\ZoneLabs\lib\Alert.zip.dll
+ 2011-02-01 14:01 . 2010-11-16 22:45 38912 c:\windows\SysWOW64\ZoneLabs\featuremap.dll
+ 2011-02-01 14:01 . 2010-11-16 22:45 75776 c:\windows\SysWOW64\ZoneLabs\camupd.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 69120 c:\windows\SysWOW64\zlcomm.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 43008 c:\windows\SysWOW64\vswmi.dll
+ 2011-02-01 14:01 . 2010-11-16 22:45 58368 c:\windows\SysWOW64\vsregexp.dll
- 2011-01-20 20:45 . 2011-01-31 20:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-20 20:45 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-01-31 20:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-31 20:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-31 20:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-06 14:08 . 2011-02-01 14:07 74310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-01 19:01 43432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-06 03:46 . 2011-02-01 19:01 17114 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-465570233-4148414345-125681747-1000_UserData.bin
- 2009-07-14 05:30 . 2011-01-28 02:31 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-02-01 14:00 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-11-06 01:07 . 2011-01-31 02:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-06 01:07 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-01 14:05 . 2011-02-01 14:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-31 02:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 03:51 . 2011-01-31 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-02-01 14:16 80560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-11-06 03:51 . 2011-02-01 19:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-06 03:51 . 2011-01-31 20:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-06 03:51 . 2011-01-31 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 03:51 . 2011-01-31 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-06 03:51 . 2011-01-31 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-31 20:34 . 2011-01-31 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-31 20:34 . 2011-01-31 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-01 14:01 . 2010-11-16 22:45 141824 c:\windows\SysWOW64\ZoneLabs\zlupdate.dll
+ 2011-02-01 14:01 . 2010-11-16 22:45 173056 c:\windows\SysWOW64\ZoneLabs\vsvault.dll
+ 2011-02-01 13:59 . 2010-11-16 22:45 211456 c:\windows\SysWOW64\ZoneLabs\vsdb.dll
+ 2011-02-01 14:01 . 2007-10-11 21:51 832984 c:\windows\SysWOW64\ZoneLabs\updating.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 434688 c:\windows\SysWOW64\ZoneLabs\ssleay32.dll
+ 2011-02-01 14:01 . 2010-11-16 22:45 135680 c:\windows\SysWOW64\ZoneLabs\scheduler.dll
+ 2011-02-01 14:01 . 2009-07-14 04:58 722392 c:\windows\SysWOW64\ZoneLabs\qrbase.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 126976 c:\windows\SysWOW64\ZoneLabs\lib\zui.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 280064 c:\windows\SysWOW64\ZoneLabs\lib\TrayTest.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 225792 c:\windows\SysWOW64\ZoneLabs\lib\Overview.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 368640 c:\windows\SysWOW64\ZoneLabs\lib\LicenseUI.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 184832 c:\windows\SysWOW64\ZoneLabs\lib\DashBoard.zip.dll
+ 2011-02-01 14:00 . 2010-11-16 22:46 375296 c:\windows\SysWOW64\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2011-02-01 13:59 . 2010-02-08 13:41 595432 c:\windows\SysWOW64\ZoneLabs\icslta.dll
+ 2011-02-01 14:02 . 2010-11-08 23:58 284136 c:\windows\SysWOW64\ZoneLabs\ffapi.dll
+ 2011-02-01 14:01 . 2010-11-16 22:45 169984 c:\windows\SysWOW64\ZoneLabs\fbl.dll
+ 2011-02-01 14:01 . 2008-03-17 21:52 813568 c:\windows\SysWOW64\ZoneLabs\dbghelp.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 104448 c:\windows\SysWOW64\zlcommdb.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 110080 c:\windows\SysWOW64\vsxml.dll
+ 2011-02-01 13:59 . 2010-11-16 22:45 715264 c:\windows\SysWOW64\vsutil.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 302592 c:\windows\SysWOW64\vspubapi.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 108032 c:\windows\SysWOW64\vsmonapi.dll
+ 2011-02-01 13:59 . 2010-11-16 22:45 228864 c:\windows\SysWOW64\vsinit.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 112128 c:\windows\SysWOW64\vsdata.dll
+ 2010-10-09 01:53 . 2011-02-01 18:23 357912 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:30 . 2011-01-28 02:31 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-02-01 14:00 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-01-28 02:31 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-02-01 14:00 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-02-01 14:00 . 2010-05-15 21:30 458840 c:\windows\system32\DriverStore\FileRepository\vsdatant.inf_amd64_neutral_f782e0172cdac971\vsdatant.sys
+ 2011-02-01 14:00 . 2010-05-15 21:30 458840 c:\windows\system32\drivers\vsdatant.sys
+ 2011-02-01 14:00 . 2010-04-09 11:06 374664 c:\windows\system32\drivers\netio.sys
+ 2009-07-14 05:01 . 2011-02-01 18:58 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-01-31 20:32 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-01 14:00 . 2010-11-16 22:45 1238528 c:\windows\SysWOW64\zpeng25.dll
+ 2011-02-01 14:00 . 2010-11-16 22:45 1790464 c:\windows\SysWOW64\ZoneLabs\vsruledb.dll
+ 2011-02-01 14:00 . 2010-11-16 22:47 2435592 c:\windows\SysWOW64\ZoneLabs\vsmon.exe
+ 2011-02-01 14:00 . 2010-11-16 22:46 1536512 c:\windows\SysWOW64\ZoneLabs\lib\zpy.zip.dll
+ 2009-07-14 04:45 . 2011-02-01 14:08 3838317 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-01-20 21:04 3838317 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-01-31 20:51 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-01 18:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 16:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
"KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"WinPatrol"=c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SRTSPX
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

2011-01-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-12 01:17]

2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF20678.cfxxe" [X]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.comcast.net/
mLocal Page = %SystemRoot%\system32\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - c:\program files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Breitzig Family\AppData\Roaming\Move Networks
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
AddRemove-No_Trace_2.15 - c:\windows\iun6002.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-02-01 14:06:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-01 19:06
ComboFix2.txt 2011-01-31 23:12

Pre-Run: 536,993,132,544 bytes free
Post-Run: 536,695,160,832 bytes free

- - End Of File - - E17D1B3A238D8E45C340C227DE536ECA

===============================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:33 PM, on 2/1/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} (WZIFLauncher Class) - http://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12916 bytes


Thank you Bobbye!
 
Sorry for the delay - internet was down from Tuesday night until this morning. Trying to catch up.

Question: Are you using the Anti-Rootkit Engine from Sunbelt Software? Looks like there may be an entry for that. Some users use Sunbelt to run Threatfire, not realizing it's an AV program.

Give me a few minutes to finish reviewing logs and I'll try to finish you up.
 
No problem Bobbye, take your time. I appreciate your help.

Not running Anti-Rootkit Engine from Sunbelt Software to my knowledge.
 
Okay, thanks. I'll add those entries in the script:
Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
c:\users\Breitzig Family\AppData\Roaming\AVG10
c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
c:\program files\PeerBlock\pbfilter.sys
c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys
c:\windows\system32\drivers\SBREDrv.sys
Folder::
c:\users\Breitzig Family\AppData\Local\Sunbelt Software
Extra::
File::
c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Firefox::
Firefox-: - Profile- c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\ 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
Driver::
pbfilter
Norton Security Suite
DAUpdaterSvc
pbfilte
SymDS
SymEFA
BHDrvx64
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Uncheck all CyberLink related entries on Startup! There are 8 processes loading from the Registry!
================================================
Please reopen Hijackthis to 'do system scan only.' Check each of the following, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)


Close all Windows except HijackThis and click on "Fix Checked."

Note about HJT: I can't go through all the Services you have running because HJT doesn't scan Services well on 64bit OS. But you might want to review Black Viper's suggestion for Startup type for Services and their Dependencies.

NOTE: For any program that you have uninstalled (not stopped, but uninstalled/removed from the system) use Windows Explorer to find and remove the program folder for each:
Windows Key + E: Computer> Local Drive> Programs> do a right click> Delete on any program folder remaining for a program you have uninstalled.

 
Thanks Bobbye,

When I use msconfig, I could not find a reference to Cyberlink running on startup. The only process I found related to Cyberlink was Lightscribe so I stopped that process from running since I do not use it.

I ran Cyberlink and unchecked all automatic processes from the program itself. So it should not run unless I actually use the program.


Here is the new ComboFix log,
ComboFix log:

ComboFix 11-01-31.02 - Breitzig Family 02/04/2011 9:11.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6260 [GMT -5:00]
Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Breitzig Family\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe"
"c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}"
"c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}"
"c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}"
"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe"
"c:\program files\PeerBlock\pbfilter.sys"
"c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys"
"c:\users\Breitzig Family\AppData\Roaming\AVG10"
"c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys"
"c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS"
"c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS"
"c:\windows\system32\drivers\SBREDrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
c:\users\Breitzig Family\AppData\Local\Sunbelt Software

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BHDRVX64
-------\Legacy_SYMDS
-------\Legacy_SYMEFA
-------\Service_DAUpdaterSvc


((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-04 14:18 . 2011-02-04 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 12:03 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5832D13-5CAE-481E-BCAC-EAA9B22B5C6D}\mpengine.dll
2011-02-03 20:33 . 2011-02-03 20:33 -------- d-----w- c:\program files\COMODO
2011-02-03 20:31 . 2011-02-03 21:05 -------- d-----w- c:\programdata\Comodo
2011-02-03 20:30 . 2011-02-03 20:30 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-02-01 19:38 . 2011-02-01 19:38 -------- d-----w- C:\HijackThis
2011-02-01 14:02 . 2011-02-01 14:02 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\CheckPoint
2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files (x86)\Conduit
2011-02-01 14:01 . 2011-02-01 14:01 -------- d-----w- c:\program files\CheckPoint
2011-02-01 14:00 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-01 14:00 . 2010-05-15 21:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-02-01 13:59 . 2011-02-01 13:59 -------- d-----w- c:\programdata\CheckPoint
2011-02-01 13:58 . 2011-02-01 13:58 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Avira
2011-02-01 13:54 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-01 13:54 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\programdata\Avira
2011-02-01 13:54 . 2011-02-01 13:54 -------- d-----w- c:\program files (x86)\Avira
2011-01-31 16:31 . 2011-01-31 16:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-30 01:19 . 2011-01-30 01:19 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\AVG10
2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files\iTunes
2011-01-28 02:32 . 2011-01-28 02:33 -------- d-----w- c:\program files (x86)\iTunes
2011-01-28 02:32 . 2011-01-28 02:32 -------- d-----w- c:\program files\iPod
2011-01-20 20:56 . 2011-01-20 20:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 20:39 . 2011-02-01 13:00 -------- d-----w- c:\programdata\Lavasoft
2011-01-20 20:07 . 2011-01-31 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-20 20:07 . 2011-01-20 20:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-01-20 19:42 . 2011-01-31 13:08 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\QuickScan
2011-01-19 22:00 . 2011-02-03 18:35 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-01-19 19:43 . 2011-01-19 19:43 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\SanDisk
2011-01-18 21:08 . 2011-01-18 21:09 -------- d--h--w- c:\windows\AxInstSV
2011-01-17 21:05 . 2011-01-17 21:05 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Amazon
2011-01-13 16:26 . 2011-01-13 16:26 -------- d-----w- c:\programdata\!SASCORE
2011-01-08 13:34 . 2011-01-08 13:34 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-01-08 13:33 . 2011-01-08 13:33 151776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-01-08 13:33 . 2011-01-08 13:33 100352 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\program files (x86)\real
2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\users\Breitzig Family\AppData\Local\Secunia PSI
2011-01-08 13:18 . 2011-01-08 13:18 -------- d-----w- c:\program files (x86)\Secunia
2011-01-08 00:23 . 2011-01-08 00:23 -------- d-----w- c:\users\Breitzig Family\AppData\Roaming\Move Networks
2011-01-06 22:37 . 2011-01-06 22:37 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 22:37 . 2011-01-06 22:37 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 22:36 . 2011-01-06 22:36 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 22:36 . 2011-01-06 22:36 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 06:42 . 2010-12-29 06:42 285480 ----a-w- c:\windows\SysWow64\guard32.dll
2010-12-29 06:42 . 2010-12-29 06:42 362784 ----a-w- c:\windows\system32\guard64.dll
2010-12-20 23:09 . 2010-07-06 02:13 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-09-07 01:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-29 11:31 . 2010-11-29 11:31 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
2010-11-12 23:53 . 2010-10-10 05:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot_2011-02-01_19.00.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-20 20:45 . 2011-02-04 14:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-01-20 20:45 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2011-02-04 14:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-01 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-04 14:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-01 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-04 14:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-06 14:08 . 2011-02-04 11:39 75852 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-04 14:22 44038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-06 03:46 . 2011-02-04 14:22 17314 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-465570233-4148414345-125681747-1000_UserData.bin
- 2009-07-14 05:30 . 2011-02-01 14:00 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-02-03 20:34 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-01-06 22:37 . 2011-01-06 22:37 89840 c:\windows\system32\DriverStore\FileRepository\inspect.inf_amd64_neutral_5379ce3149166da4\inspect.sys
- 2009-11-06 01:07 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-06 01:07 . 2011-02-04 14:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-01 14:05 . 2011-02-01 14:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-01 14:05 . 2011-02-04 14:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-01 14:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-04 14:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-06 03:51 . 2011-02-04 14:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 03:51 . 2011-02-01 19:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-06 03:51 . 2011-02-04 14:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-06 03:51 . 2011-02-04 14:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-06 03:51 . 2011-02-01 19:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-06 03:51 . 2011-02-04 14:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-06 03:51 . 2011-02-04 14:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-06 03:51 . 2011-02-01 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-04 14:19 . 2011-02-04 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-04 14:19 . 2011-02-04 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-01 18:59 . 2011-02-01 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-09 01:53 . 2011-02-03 22:28 360248 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:30 . 2011-02-01 14:00 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-02-03 20:34 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-02-03 20:34 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-02-01 14:00 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2011-02-04 14:19 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-01-31 02:49 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-02-01 18:58 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-04 14:18 416696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-02-04 12:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-02-01 18:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-02-03 20:31 . 2011-02-03 20:31 29910016 c:\windows\Installer\1f04881.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
"KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"WinPatrol"=c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 828912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 250008]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 39888]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]

2011-01-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-12 01:17]

2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24353.cfxxe" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.comcast.net/
mLocal Page = %SystemRoot%\system32\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: {BD5D0805-E5E7-4CE5-8B7C-615DC494A13B} = 156.154.70.22,156.154.71.22
TCP: {EDC2B924-E5D6-47D0-A104-4FD93E326D22} = 156.154.70.22,156.154.71.22
DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {e283c447-b10b-4344-e22d-37d65dc1a78d} - c:\program files (x86)\Mozilla Firefox\extensions\{e283c447-b10b-4344-e22d-37d65dc1a78d}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Breitzig Family\AppData\Roaming\Move Networks
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-02-04 09:27:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-04 14:27
ComboFix2.txt 2011-02-01 19:06
ComboFix3.txt 2011-01-31 23:12

Pre-Run: 526,031,839,232 bytes free
Post-Run: 525,971,824,640 bytes free

- - End Of File - - 664371F22AC4E02F90E3E619CCC703E8
 
Quick question:

HiJack This found:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

Which is different from what you posted above. Should I still delete this one?
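The comparison behind the question above, as an added example that is not part of the original thread: it pulls the orphaned (`(no file)`) O2/O3 entries out of HijackThis-style lines and drops the CLSIDs that the ComboFix "ORPHANS REMOVED" section already lists. The function names are hypothetical, the sample logs are constructed around the two CLSIDs quoted in this thread, and the ComboFix line shape is assumed from the single orphan line shown here.

```python
import re

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis O2 (BHO) / O3 (toolbar) lines: "O2 - BHO: <name> - {CLSID} - <file>"
HJT_RE = re.compile(r"^(O[23]) - ([^:]+): (.*?) - (" + CLSID + r") - (.+)$")
# ComboFix orphan line as it appears in this thread: "Toolbar-{CLSID} - (no file)"
CF_ORPHAN_RE = re.compile(r"^([\w ]+)-(" + CLSID + r") - \(no file\)$")

# Constructed sample: line 1 is the entry quoted in the post; the rest are made up.
HJT_SAMPLE = r"""O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

# Constructed sample mirroring the ComboFix section shown earlier in the thread.
CF_SAMPLE = """- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
"""


def hjt_orphans(log_text):
    """Return {CLSID: (section, kind, name)} for O2/O3 entries whose file is missing."""
    found = {}
    for line in log_text.splitlines():
        m = HJT_RE.match(line.strip())
        if m and m.group(5).strip().lower() == "(no file)":
            found[m.group(4).upper()] = (m.group(1), m.group(2), m.group(3))
    return found


def combofix_removed(log_text):
    """Return the CLSIDs ComboFix reported as removed orphans."""
    return {m.group(2).upper() for line in log_text.splitlines()
            if (m := CF_ORPHAN_RE.match(line.strip()))}


def still_present(hjt_log, combofix_log):
    """Orphaned HijackThis entries that ComboFix did not already remove."""
    removed = combofix_removed(combofix_log)
    return {c: v for c, v in hjt_orphans(hjt_log).items() if c not in removed}


if __name__ == "__main__":
    for clsid, (section, kind, name) in still_present(HJT_SAMPLE, CF_SAMPLE).items():
        print(f"{section} {kind} {clsid} {name}: registry entry remains, file missing")
```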
 
Regarding Cyberlink: I did some searching and found the following Services:

PCMService>>
CyberLink’s PowerCinema Resident Program startup task found on many laptops. Developed by CyberLink based on CyberLink’s PowerCinema software (CyberLink are also the makers of PowerDVD). Disabling this task on the Startups does not prevent the Multimedia Player from functioning properly. When this task is left enabled it has a history on some laptops of either preventing the screensaver from kicking in, or preventing the laptop from entering standby/hibernation/sleep-mode.
From answersthatwork. (edited)

PDVDServ.exe>>>
Cyberlink’s PowerDVD Remote Control Service. This startup item and background task is installed during the installation of PowerDVD 5.0 and interfaces between your DVD drive’s USB remote control unit and PowerDVD. Recommendation: If you have a USB Remote Control unit which allows you to control PowerDVD through the use of a Remote Control, rather than through the mouse, then you need this task. In all other cases you can disable this task.
From danisweb & neuber

Click on Start> Run> type in services.msc> enter> double click on each of the following> Change Startup type to Manual:
PCMService
PDVDServ.

Exit Services
============================================
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} WormRadar.com IESiteBlocker.NavFilter LinkScannerIE.dll, avgssie.dll, avgssiea.dll AVG LinkScanner

Check for removal please.

Edit: Whoops! Forgot one more: Use Windows explorer to get to this program file>>
"C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (Product: RichVideo Module or Cyberlink RichVideo Service(CRVS))
RichVideo.exe is installed in "CyberLink Install folder\Shared files". There are 3 more files in this folder: Richvideoinstall.exe, RichvideoUninstall.exe, Richvideops.dll. You can remove richvideo.exe from memory by executing richvideouninstall.exe.
C:\Program Files\CyberLink\Shared Files\richvideouninstall.exe to remove. This program also does not allow proper shutdown of Firefox!
Process name: RichVideo Module
 
Could not find RichvideoUninstall.exe in the listed path above. Only files present are RichVideo.exe, RichVideo.exe.manifest, and RichVideops.dll

Also could not find PCM Service or PDVD Service using services.msc
 
Regarding CyberLink: I included the Registry entries for this to load in the script below.
Regarding Lightscribe: It is showing associated with HP. Just check the following Service and make sure Startup type is set to Manual. You do not need to disable or delete it. The Service may show as > LightScribeService or LSSrvc.
==================================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
windows\system32\drivers\SBREDrv.sys
Folder::
c:\users\Breitzig Family\AppData\Roaming\AVG10
Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"=-
"UpdateP2GoShortCut"=-
"UpdatePDIRShortCut"=-
"UpdatePSTShortCut"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . No need to submit log unless there are questions.
====================
If there are no more problems or questions, you can remove all of the tools we used and the files and folders they created:
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

      Creating a Restore Point in Windows 7:
      • Click on Start> right click on Computer> Properties
      • Select System Protection
      • Click on the Create button (near bottom)
      • Type a name for the Restore Point
      • Click on Create again to save the restore point.

      Deleting all but the most recent System Protection point in Windows 7
      1. Click Start> Computer> right click the C Drive and choose Properties> enter.
      2. Click Disk Cleanup from there.
      3. Click Clean up system files
        This restarts Disk Cleanup to run in elevated mode.
      4. Click the More Options tab
      5. Click the Clean up under System Restore and Shadow Copies.
      6. Click OK.
      7. You will get a confirmation screen> Just click Delete.
      8. Click OK on the Disk Cleanup Screen.
      9. Click Delete Files on the Confirmation screen.

      It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
      Images courtesy lytebyte.

      Empty the Recycle Bin

      Let me know if you have any more questions.
 
You're welcome Scot. I'm leaving some tips for you; a couple don't work on Windows 7, but all are good.
Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      [o]Avira Free
      [o]Avast Home
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    • Antispyware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
    IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
    Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
    [o]Replace the Host Files
    MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
  3. Stay current on updates:
    [o] Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    [o]Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
    [o]ATF Cleaner by Atribune
    OR
    [o]TFC
    Disable and Enable System Restore:
    [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Use a Site Advisor:
The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety. Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected. http://www.mywot.com/en/download
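How the HOSTS-file blocking described in the tips above works, and a check worth running on any HOSTS file afterwards, as an added example that is not part of the original post: names mapped to loopback are blocked, while a name mapped to any other address is a redirect to review. The function name, sample file and hostnames are constructed, and treating 0.0.0.0 the same as 127.0.0.1 is an assumption of this sketch.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  tracker.example.net   # blocklist entry
0.0.0.0         banner.example.org
203.0.113.10    login.example.com     # non-loopback mapping
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify HOSTS entries.

    Returns (blocked, redirected, malformed):
      blocked    - sorted hostnames mapped to a loopback/unspecified address
      redirected - (hostname, ip) pairs mapped to any other address
      malformed  - line numbers whose first field is not an IP address
    """
    blocked, redirected, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        for name in fields[1:]:               # one line may carry several names
            name = name.lower()
            if name == "localhost":
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)             # lookups resolve to this machine
            else:
                redirected.append((name, str(addr)))
    return sorted(blocked), redirected, malformed


if __name__ == "__main__":
    blocked, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} blocked names")
    for name, ip in redirected:
        print(f"review: {name} -> {ip}")
    print("malformed lines:", malformed)
```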
 