
Thread: win32.agent.gvu Help please

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    win32.agent.gvu Help please

    I got a virus a few months back and I'm not sure of the name of it. Recently, I ran Spybot and it found win32.agent.gvu. For a while now, when I try to search Google or any other major search engine, my browser gives the error "The connection was reset". I read that it was because of malware. Thanks everyone in advance for your help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:43:32 PM, on 2/24/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\Speech\Common\sapisvr.exe
    C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: CorelCENTRAL 10.lnk = ?
    O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://academic.cengage.com
    O15 - Trusted Zone: http://fpdownload.macromedia.com
    O15 - Trusted Zone: http://*.mcafee.com
    O15 - Trusted Zone: http://www.myspace.com
    O15 - Trusted Zone: http://toolbarupdate.myspacecdn.com
    O15 - Trusted Zone: http://www.pokerstars.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PCMobilizr Connection Service (PCMobilizr) - Unknown owner - C:\Program Files\PCMobilizr\PCMobilizrService.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11944 bytes

  2. #2
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    Updated Hijack Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:21 PM, on 3/1/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\Speech\Common\sapisvr.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\hp\kbd\kbd.exe
    C:\PROGRA~1\HPCONN~1\6811507\Program\HPCONN~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: CorelCENTRAL 10.lnk = ?
    O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://academic.cengage.com
    O15 - Trusted Zone: http://fpdownload.macromedia.com
    O15 - Trusted Zone: http://*.mcafee.com
    O15 - Trusted Zone: http://www.myspace.com
    O15 - Trusted Zone: http://toolbarupdate.myspacecdn.com
    O15 - Trusted Zone: http://www.pokerstars.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Hewlett-Packard Company - (no file)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10381 bytes

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hello,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.



    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded
    • Click rootkit-tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    DDS.txt

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by chris at 14:26:30.50 on Tue 03/02/2010
    Internet Explorer: 8.0.6001.18882
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.727 [GMT -5:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: AdwareAlert *enabled* (Updated) {02F2245C-C701-4351-BA7B-DFECE65DE7B2}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Windows\system32\rundll32.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\wbem\unsecapp.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\Speech\Common\sapisvr.exe
    C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\chris\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: cengage.com\academic
    Trusted Zone: internet
    Trusted Zone: macromedia.com\fpdownload
    Trusted Zone: mcafee.com
    Trusted Zone: myspace.com\www
    Trusted Zone: myspacecdn.com\toolbarupdate
    Trusted Zone: pokerstars.com\www
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
    FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-26 131616]
    R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2009-1-14 53412]
    R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-6-4 451904]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-30 93320]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-18 1153368]
    R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
    S2 PCMobilizr;PCMobilizr Connection Service; [x]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-15 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-7 30192]
    S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [2008-7-15 44032]

    =============== Created Last 30 ================

    2010-03-01 20:53 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
    2010-03-01 20:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-01 20:53 <DIR> --d----- c:\programdata\Malwarebytes
    2010-03-01 20:53 <DIR> --d----- c:\progra~2\Malwarebytes
    2010-03-01 20:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2010-03-01 20:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2010-03-01 20:15 <DIR> --d----- c:\windows\pss
    2010-02-25 21:25 <DIR> --d----- c:\programdata\WindowsSearch
    2010-02-25 21:00 87,712 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc_isv.dll
    2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc.dll
    2010-02-25 20:20 526,336 a------- c:\windows\system32\RMActivate_isv.exe
    2010-02-25 20:20 518,144 a------- c:\windows\system32\RMActivate.exe
    2010-02-25 20:20 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
    2010-02-25 20:20 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-25 20:20 332,288 a------- c:\windows\system32\msdrm.dll
    2010-02-25 20:20 152,576 a------- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-25 20:20 152,064 a------- c:\windows\system32\secproc_ssp.dll
    2010-02-25 20:20 2,048 a------- c:\windows\system32\tzres.dll
    2010-02-25 20:19 1,696,256 a------- c:\windows\system32\gameux.dll
    2010-02-25 20:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-02-25 20:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2010-02-25 20:16 <DIR> --d----- c:\program files\Free Window Registry Repair
    2010-02-25 00:40 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-24 19:21 1,640,400 a------- c:\windows\PCTBDCore.dll.old
    2010-02-24 19:21 767,952 a------- c:\windows\BDTSupport.dll.old
    2010-02-24 18:59 <DIR> --d----- c:\program files\Spyware Doctor
    2010-02-23 23:51 <DIR> --d----- c:\programdata\Norton
    2010-02-23 23:51 <DIR> --d----- c:\progra~2\Norton
    2010-02-23 23:51 <DIR> --d----- c:\programdata\NortonInstaller
    2010-02-23 23:51 <DIR> --d----- c:\progra~2\NortonInstaller
    2010-02-23 22:57 <DIR> --d----- c:\temp\ListDLLS
    2010-02-23 22:57 <DIR> --d----- C:\Temp
    2010-02-23 21:23 <DIR> --d----- C:\969e276df900c00b4aa5d4ea44f77d
    2010-02-18 22:49 <DIR> --d----- c:\programdata\NOS
    2010-02-18 21:01 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2010-02-18 21:01 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2010-02-18 21:01 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2010-02-18 18:20 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
    2010-02-18 18:20 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
    2010-02-18 17:40 <DIR> --d----- c:\users\chris\appdata\roaming\Symantec
    2010-02-11 20:01 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-11 20:01 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys

    ==================== Find3M ====================

    2010-02-24 09:16 181,632 -------- c:\windows\system32\MpSigStub.exe
    2010-02-18 18:23 143,360 a------- c:\windows\inf\infstrng.dat
    2010-02-18 18:23 51,200 a------- c:\windows\inf\infpub.dat
    2010-02-18 18:23 86,016 a------- c:\windows\inf\infstor.dat
    2010-01-06 10:38 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2010-01-06 10:38 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
    2010-01-06 10:38 542,720 a------- c:\windows\apppatch\AcLayers.dll
    2010-01-06 10:38 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
    2010-01-02 01:38 916,480 a------- c:\windows\system32\wininet.dll
    2010-01-02 01:32 109,056 a------- c:\windows\system32\iesysprep.dll
    2010-01-02 01:32 71,680 a------- c:\windows\system32\iesetup.dll
    2010-01-01 23:57 133,632 a------- c:\windows\system32\ieUnatt.exe
    2009-12-20 20:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
    2009-12-18 16:32 196,199 a------- c:\windows\hpoins41.dat
    2009-12-04 13:30 12,288 a------- c:\windows\system32\tsbyuv.dll
    2009-12-04 13:29 1,314,816 a------- c:\windows\system32\quartz.dll
    2009-12-04 13:28 22,528 a------- c:\windows\system32\msyuv.dll
    2009-12-04 13:28 123,904 a------- c:\windows\system32\msvfw32.dll
    2009-12-04 13:28 31,744 a------- c:\windows\system32\msvidc32.dll
    2009-12-04 13:28 13,312 a------- c:\windows\system32\msrle32.dll
    2009-12-04 13:28 82,944 a------- c:\windows\system32\mciavi32.dll
    2009-12-04 13:28 50,176 a------- c:\windows\system32\iyuv_32.dll
    2009-12-04 13:27 91,136 a------- c:\windows\system32\avifil32.dll
    2009-11-17 03:23 665,600 a------- c:\windows\inf\drvindex.dat
    2009-08-05 22:40 356 a------- c:\users\chris\appdata\roaming\wklnhst.dat
    2008-07-19 02:05 635,525 a------- c:\users\chris\newcodec.exe
    2008-04-16 00:42 174 a--sh--- c:\program files\desktop.ini
    2007-10-23 12:51 243,226,648 a------- c:\users\chris\Desktop Software v4.2 SP2 (English).exe
    2007-10-23 11:01 442,335 a------- c:\users\chris\net_rim_theme_bb_today_240x260.zip
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 14:27:06.19 ===============

  5. #5
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    Default Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/28/2007 12:42:29 PM
    System Uptime: 3/2/2010 2:12:53 PM (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 292 GiB total, 178.27 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 0.889 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce RAID Device
    Device ID: ROOT\NVRAIDSETUP\0000
    Manufacturer: NVIDIA Corporation
    Name: NVIDIA nForce RAID Device
    PNP Device ID: ROOT\NVRAIDSETUP\0000
    Service: nvrd32

    Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce RAID Device
    Device ID: ROOT\NVRAIDSETUP\0001
    Manufacturer: NVIDIA Corporation
    Name: NVIDIA nForce RAID Device
    PNP Device ID: ROOT\NVRAIDSETUP\0001
    Service: nvrd32

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    Ad-Aware Email Scanner for Outlook
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro
    Adobe Reader 9.3
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    BOINC
    BufferChm
    C309g-m
    Cakewalk Pyro 1.5
    CleanUp!
    Compatibility Pack for the 2007 Office system
    Destinations
    DeviceDiscovery
    DHTML Editing Component
    DivX
    Download Accelerator Plus (DAP)
    Empire Earth II
    Enhanced Multimedia Keyboard Solution
    Flickr Uploadr 2.5.0.14
    FlipShare
    Free Window Registry Repair
    Google Desktop
    Google Earth
    Google Update Helper
    GPBaseService2
    Hardware Diagnostic Tools
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Connections (remove only)
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 13.0
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Imaging Device Functions 13.0
    HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
    HP Picasso Media Center Add-In
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    iTunes
    Last.fm 1.5.4.24567
    LightScribe 1.4.124.1
    Linksys Wireless-N USB Network Adapter WUSB300N
    Logitech QuickCam
    Macromedia Contribute 3.11
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia FreeHand 10
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee SecurityCenter
    McAfee Virtual Technician
    Microsoft .NET Framework 3.5 SP1
    Microsoft Flight Simulator 98
    Microsoft Money 2007 Home & Business
    Microsoft Money Shared Libraries
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    mIRC
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    Neopets
    Network
    NSIS Mixxx
    NVIDIA Drivers
    oDesk MiniCam 2.0.73
    oDesk ScreenSnap 2.0.113
    oDesk Share 2.0.69
    oDesk Team 2.0.140
    OGA Notifier 2.0.0048.0
    OpenOffice.org Installer 1.0
    OverDrive Media Console
    Paint Shop Pro 7 ESD
    PDF Settings
    Picasa 2
    Picture Viewer (Beta) for Windows SideShow
    Plato Video To 3GP Converter 3.67
    PokerStars
    Polyglot 3000 (Version 3.20)
    Pro Tracks Plus 2.2
    ProjectWhois
    PS_AIO_06_C309g-m_SW_Min
    Python 2.4.3
    QuickTime
    RealProducer Plus 8.5
    Realtek High Definition Audio Driver
    Roxio Creator Basic v9
    Roxio Creator Tools
    Roxio Express Labeler 3
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Shop for HP Supplies
    SimCity 4 Deluxe
    SmartFTP Client 2.0
    SmartFTP Client 2.0 Setup Files (remove only)
    SmartWebPrinting
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Tassman DXi SE 2.0
    The Big Box of Art 410,000
    The Sims 2
    Toolbox
    TrayApp
    Trillian
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB Drum V1.03
    Utherverse 3D Client
    VC 9.0 Runtime
    VisionGS PE
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebReg
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WordPerfect Office 2002 Professional

    ==== End Of File ===========================

  6. #6
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    Default Waiting

    I'm waiting for the GMER scan to complete. I did a scan with Malwarebytes this morning and it found a lot of stuff. I figured I'd post the log in case it may help. I've used multiple scanners and they seem to find infections, but it doesn't go away. Everything was removed successfully.

    Thanks for your help!

    Malwarebytes' Anti-Malware 1.44
    Database version: 3811
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    3/2/2010 2:10:30 PM
    mbam-log-2010-03-02 (14-10-16).txt

    Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
    Objects scanned: 467768
    Time elapsed: 3 hour(s), 52 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 16

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101464955.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101465050.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101465055.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101465248.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101465249.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101465349.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\0101120101465649.xxe (KoobFace.Trace) -> No action taken.
    C:\Windows\bx4657.dat (KoobFace.Trace) -> No action taken.
    C:\Windows\tw23567.dat (KoobFace.Trace) -> No action taken.
    C:\Windows\hpm2.dat (KoobFace.Trace) -> No action taken.
    C:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.
    C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
    C:\Windows\tgm2.dat (KoobFace.Trace) -> No action taken.
    C:\Program Files\Mozilla Firefox\ftemp.exe (Trojan.Dropper) -> No action taken.
    C:\Windows\010112010146101105.rx (Malware.Trace) -> No action taken.

  7. #7
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    Default GMER keeps crashing

    When I run GMER it crashes and sends me to the blue screen about memory dumping and then my computer restarts.

    Thanks!

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Ok. Let's continue with ComboFix.

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    Default Combofix Log

    ComboFix 10-03-02.08 - chris 03/03/2010 11:28:14.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1022 [GMT -5:00]
    Running from: C:\Users\chris\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$RECYCLE.BIN\S-1-5-21-1043595940-1142482288-2820407123-500
    C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
    C:\Windows\system32\MSIMRT.DLL
    C:\Windows\system32\MSIMRT32.DLL
    C:\Windows\system32\MSIMUSIC.DLL
    C:\Windows\system32\twain_32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
    .

    2010-03-02 21:46:27 . 2010-03-02 21:46:27 -------- d-----w- C:\Users\chris\Office Genuine Advantage
    2010-03-02 01:53:22 . 2010-03-02 01:53:22 -------- d-----w- C:\Users\chris\AppData\Roaming\Malwarebytes
    2010-03-02 01:53:15 . 2010-01-07 21:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
    2010-03-02 01:53:12 . 2010-03-02 01:53:20 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-03-02 01:53:12 . 2010-01-07 21:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2010-02-26 02:00:49 . 2010-02-26 02:00:49 87712 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2010-02-26 01:20:32 . 2010-01-25 12:00:35 471552 ----a-w- C:\Windows\system32\secproc_isv.dll
    2010-02-26 01:20:32 . 2010-01-25 12:00:22 471552 ----a-w- C:\Windows\system32\secproc.dll
    2010-02-26 01:20:30 . 2010-01-25 08:21:20 526336 ----a-w- C:\Windows\system32\RMActivate_isv.exe
    2010-02-26 01:20:30 . 2010-01-25 08:21:20 346624 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
    2010-02-26 01:20:30 . 2010-01-25 08:21:18 518144 ----a-w- C:\Windows\system32\RMActivate.exe
    2010-02-26 01:20:30 . 2010-01-25 08:21:18 347136 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
    2010-02-26 01:20:29 . 2010-01-25 12:00:35 152576 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
    2010-02-26 01:20:29 . 2010-01-25 12:00:35 152064 ----a-w- C:\Windows\system32\secproc_ssp.dll
    2010-02-26 01:20:29 . 2010-01-25 11:58:52 332288 ----a-w- C:\Windows\system32\msdrm.dll
    2010-02-26 01:20:13 . 2010-01-23 09:26:13 2048 ----a-w- C:\Windows\system32\tzres.dll
    2010-02-26 01:19:12 . 2010-01-06 15:39:38 1696256 ----a-w- C:\Windows\system32\gameux.dll
    2010-02-26 01:19:10 . 2010-01-06 15:38:47 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
    2010-02-26 01:19:10 . 2010-01-06 13:30:41 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
    2010-02-26 01:16:38 . 2010-02-26 01:33:19 -------- d-----w- C:\Program Files\Free Window Registry Repair
    2010-02-25 18:32:17 . 2010-02-25 18:32:17 -------- d-----w- C:\Users\chris\AppData\Local\Threat Expert
    2010-02-25 05:40:15 . 2010-02-25 05:40:13 95024 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
    2010-02-24 23:59:33 . 2010-03-02 01:19:03 -------- d-----w- C:\Program Files\Spyware Doctor
    2010-02-24 03:57:37 . 2010-02-24 04:14:04 -------- d-----w- C:\temp\ListDLLS
    2010-02-24 03:57:37 . 2010-02-24 03:57:37 -------- d-----w- C:\Temp
    2010-02-24 02:23:18 . 2010-02-24 02:23:19 -------- d-----w- C:\969e276df900c00b4aa5d4ea44f77d
    2010-02-19 03:24:26 . 2009-12-16 21:05:58 347136 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-02-19 03:24:26 . 2009-12-16 21:05:58 340992 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-02-19 03:24:26 . 2009-12-16 21:05:56 43008 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-02-19 03:24:24 . 2009-12-16 21:05:58 471040 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
    2010-02-19 03:24:24 . 2009-12-16 21:05:56 1452032 ----a-w- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-02-19 02:01:05 . 2010-02-19 22:24:12 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
    2010-02-18 23:30:40 . 2010-02-18 23:30:40 -------- d-----w- C:\Users\chrisb\AppData\Roaming\InstallShield
    2010-02-18 23:20:36 . 2009-12-08 20:01:02 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
    2010-02-18 23:20:36 . 2009-12-08 20:01:02 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2010-02-18 22:40:26 . 2010-02-18 22:40:26 -------- d-----w- C:\Users\chris\AppData\Roaming\Symantec
    2010-02-12 01:01:51 . 2009-12-04 15:56:09 105984 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
    2010-02-12 01:01:50 . 2009-12-04 15:56:16 212992 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-02 01:39:49 . 2007-03-30 18:03:32 -------- d-----w- C:\Program Files\Java
    2010-03-02 01:11:10 . 2007-04-09 03:00:47 -------- d-----w- C:\Program Files\Lavasoft
    2010-02-26 01:58:00 . 2007-03-28 20:58:26 8224 ----a-w- C:\Users\chris\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-25 05:44:03 . 2007-01-23 03:35:42 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2010-02-24 14:16:06 . 2009-10-03 01:48:49 181632 ------w- C:\Windows\system32\MpSigStub.exe
    2010-02-24 06:39:32 . 2007-01-23 03:28:31 -------- d-----w- C:\Program Files\Microsoft Works
    2010-02-19 06:24:24 . 2007-01-23 03:27:08 -------- d-----w- C:\Program Files\Common Files\Adobe
    2010-02-18 23:30:45 . 2008-04-17 15:05:39 87144 ----a-w- C:\Users\chrisb\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-18 23:29:39 . 2009-10-28 00:56:16 -------- d-----w- C:\Program Files\McAfee
    2010-02-18 22:36:18 . 2007-01-23 03:34:19 -------- d-----w- C:\Program Files\Yahoo!
    2010-02-17 03:26:49 . 2007-11-27 22:52:37 -------- d-----w- C:\Program Files\DAP
    2010-02-17 03:24:42 . 2007-05-28 19:04:49 -------- d-----w- C:\Program Files\GameSpy Arcade
    2010-02-17 03:22:41 . 2008-07-16 03:43:26 -------- d-----w- C:\Program Files\ma-config.com
    2010-02-17 03:21:55 . 2007-03-29 07:10:23 -------- d-----w- C:\Program Files\Google
    2010-02-17 03:11:52 . 2008-04-30 05:00:20 -------- d-----w- C:\Users\chris\AppData\Roaming\yahoo!
    2010-02-17 03:04:48 . 2007-04-12 05:36:55 -------- d-----w- C:\Program Files\MySpace
    2010-02-12 21:37:33 . 2007-04-09 07:05:46 -------- d-----w- C:\Program Files\Picasa2
    2010-02-12 01:20:19 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
    2010-01-22 00:56:42 . 2009-07-25 03:09:58 -------- d-----w- C:\Program Files\Bonjour
    2010-01-13 22:19:56 . 2010-01-13 22:19:56 -------- d-----w- C:\Program Files\Microsoft.NET
    2010-01-06 15:38:40 . 2010-02-26 01:19:11 173056 ----a-w- C:\Windows\AppPatch\AcXtrnal.dll
    2010-01-06 15:38:39 . 2010-02-26 01:19:11 542720 ----a-w- C:\Windows\AppPatch\AcLayers.dll
    2010-01-06 15:38:39 . 2010-02-26 01:19:11 458752 ----a-w- C:\Windows\AppPatch\AcSpecfc.dll
    2010-01-06 15:38:39 . 2010-02-26 01:19:11 2159616 ----a-w- C:\Windows\AppPatch\AcGenral.dll
    2010-01-02 06:38:20 . 2010-02-05 15:11:46 916480 ----a-w- C:\Windows\system32\wininet.dll
    2010-01-02 06:32:33 . 2010-02-05 15:11:43 109056 ----a-w- C:\Windows\system32\iesysprep.dll
    2010-01-02 06:32:33 . 2010-02-05 15:11:42 71680 ----a-w- C:\Windows\system32\iesetup.dll
    2010-01-02 04:57:00 . 2010-02-05 15:11:43 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
    2009-12-28 01:39:08 . 2007-06-09 07:38:36 84808 ----a-w- C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-21 01:21:33 . 2009-12-19 02:17:36 43520 ----a-w- C:\Windows\system32\CmdLineExt03.dll
    2009-12-18 21:32:03 . 2009-12-18 21:04:31 196199 ----a-w- C:\Windows\hpoins41.dat
    2009-12-11 11:43:30 . 2010-02-12 01:02:25 302080 ----a-w- C:\Windows\system32\drivers\srv.sys
    2009-12-11 11:43:11 . 2010-02-12 01:02:24 98816 ----a-w- C:\Windows\system32\drivers\srvnet.sys
    2009-12-08 20:01:08 . 2010-02-12 01:02:18 904776 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2009-12-08 17:26:18 . 2010-02-12 01:02:16 30720 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
    2009-12-04 18:30:05 . 2010-02-12 01:02:06 12288 ----a-w- C:\Windows\system32\tsbyuv.dll
    2009-12-04 18:29:41 . 2010-02-12 01:02:09 1314816 ----a-w- C:\Windows\system32\quartz.dll
    2009-12-04 18:28:52 . 2010-02-12 01:02:06 22528 ----a-w- C:\Windows\system32\msyuv.dll
    2009-12-04 18:28:51 . 2010-02-12 01:02:07 31744 ----a-w- C:\Windows\system32\msvidc32.dll
    2009-12-04 18:28:51 . 2010-02-12 01:02:05 123904 ----a-w- C:\Windows\system32\msvfw32.dll
    2009-12-04 18:28:49 . 2010-02-12 01:02:06 13312 ----a-w- C:\Windows\system32\msrle32.dll
    2009-12-04 18:28:27 . 2010-02-12 01:02:06 82944 ----a-w- C:\Windows\system32\mciavi32.dll
    2009-12-04 18:28:21 . 2010-02-12 01:02:06 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
    2009-12-04 18:27:12 . 2010-02-12 01:02:05 91136 ----a-w- C:\Windows\system32\avifil32.dll
    2009-11-24 14:09:41 . 2007-09-07 05:05:22 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 22:59:24 1480296]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
    "Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 07:33:25 49664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 15:16:56 65536]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 09:52:08 4702208]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-24 14:09:40 30192]
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2007-11-27 22:52:38 4568576]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 13:39:28 98304]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 01:49:00 13539872]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 01:49:00 92704]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 11:54:44 1218008]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2009-07-08 02:02:26 1176808]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 21:24:20 54840]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 06:57:28 35760]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 20:57:56 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18:15 443968]

    C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    CorelCENTRAL 10.lnk - C:\Windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2009-9-8 5222]
    HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-1-22 34520]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
    backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 09:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-09-11 09:40:32 218032 ----a-w- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):30,ea,79,c3,f1,57,ca,01

    R1 GearAspiSys;GearAspiSys;C:\Windows\System32\drivers\GEARASPISYS.SYS [1/14/2009 12:14:29 AM 53412]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [10/30/2009 8:01:43 PM 93320]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2/18/2010 9:01:09 PM 1153368]
    R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);C:\Windows\System32\drivers\MRVW24B.sys [3/19/2008 6:10:54 AM 310016]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2/16/2010 10:21:16 PM 135664]
    S2 PCMobilizr;PCMobilizr Connection Service; [x]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [9/7/2007 12:05:02 AM 30192]
    S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\Windows\System32\drivers\lvce.sys [7/15/2008 11:05:40 PM 44032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 03:21:16 . 2010-02-17 03:21:01]

    2010-03-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 03:21:16 . 2010-02-17 03:21:01]

    2010-01-15 C:\Windows\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-02 11:24:09 . 2009-09-25 17:22:14]

    2010-03-01 C:\Windows\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-02 11:24:09 . 2009-09-25 17:22:14]

    2010-03-03 C:\Windows\Tasks\User_Feed_Synchronization-{9D06D051-B2F1-45C3-A333-1788B0761893}.job
    - C:\Windows\system32\msfeedssync.exe [2010-02-05 15:11:42 . 2010-01-02 04:56:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    IE: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: cengage.com\academic
    Trusted Zone: internet
    Trusted Zone: macromedia.com\fpdownload
    Trusted Zone: mcafee.com
    Trusted Zone: myspace.com\www
    Trusted Zone: myspacecdn.com\toolbarupdate
    Trusted Zone: pokerstars.com\www
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
    FF - ProfilePath - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\
    FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
    FF - component: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

  10. #10
    Junior Member
    Join Date
    Feb 2010
    Posts
    13

    New DDS Log

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by chris at 11:50:47.86 on Wed 03/03/2010
    Internet Explorer: 8.0.6001.18882
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.747 [GMT -5:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\wbem\unsecapp.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\Speech\Common\sapisvr.exe
    C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
    C:\hp\kbd\kbd.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\chris\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: cengage.com\academic
    Trusted Zone: internet
    Trusted Zone: macromedia.com\fpdownload
    Trusted Zone: mcafee.com
    Trusted Zone: myspace.com\www
    Trusted Zone: myspacecdn.com\toolbarupdate
    Trusted Zone: pokerstars.com\www
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
    FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\j42usd1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-26 131616]
    R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2009-1-14 53412]
    R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
    S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [2008-7-15 44032]

    =============== Created Last 30 ================

    2010-03-03 11:45 <DIR> --dsh--- C:\$RECYCLE.BIN
    2010-03-03 11:25 77,312 a------- c:\windows\MBR.exe
    2010-03-03 11:25 261,632 a------- c:\windows\PEV.exe
    2010-03-03 11:25 161,792 a------- c:\windows\SWREG.exe
    2010-03-03 11:25 98,816 a------- c:\windows\sed.exe
    2010-03-03 11:25 <DIR> --d----- C:\ComboFix
    2010-03-02 16:46 <DIR> --d----- c:\programdata\Office Genuine Advantage
    2010-03-02 16:46 <DIR> --d----- c:\users\chris\Office Genuine Advantage
    2010-03-01 20:53 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
    2010-03-01 20:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-01 20:53 <DIR> --d----- c:\programdata\Malwarebytes
    2010-03-01 20:53 <DIR> --d----- c:\progra~2\Malwarebytes
    2010-03-01 20:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2010-03-01 20:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2010-03-01 20:15 <DIR> --d----- c:\windows\pss
    2010-02-25 21:25 <DIR> --d----- c:\programdata\WindowsSearch
    2010-02-25 21:00 87,712 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc_isv.dll
    2010-02-25 20:20 471,552 a------- c:\windows\system32\secproc.dll
    2010-02-25 20:20 526,336 a------- c:\windows\system32\RMActivate_isv.exe
    2010-02-25 20:20 518,144 a------- c:\windows\system32\RMActivate.exe
    2010-02-25 20:20 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
    2010-02-25 20:20 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-25 20:20 332,288 a------- c:\windows\system32\msdrm.dll
    2010-02-25 20:20 152,576 a------- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-25 20:20 152,064 a------- c:\windows\system32\secproc_ssp.dll
    2010-02-25 20:20 2,048 a------- c:\windows\system32\tzres.dll
    2010-02-25 20:19 1,696,256 a------- c:\windows\system32\gameux.dll
    2010-02-25 20:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-02-25 20:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2010-02-25 20:16 <DIR> --d----- c:\program files\Free Window Registry Repair
    2010-02-25 00:40 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-24 19:21 1,640,400 a------- c:\windows\PCTBDCore.dll.old
    2010-02-24 19:21 767,952 a------- c:\windows\BDTSupport.dll.old
    2010-02-24 18:59 <DIR> --d----- c:\program files\Spyware Doctor
    2010-02-23 23:51 <DIR> --d----- c:\programdata\Norton
    2010-02-23 23:51 <DIR> --d----- c:\progra~2\Norton
    2010-02-23 23:51 <DIR> --d----- c:\programdata\NortonInstaller
    2010-02-23 23:51 <DIR> --d----- c:\progra~2\NortonInstaller
    2010-02-23 22:57 <DIR> --d----- c:\temp\ListDLLS
    2010-02-23 22:57 <DIR> --d----- C:\Temp
    2010-02-23 21:23 <DIR> --d----- C:\969e276df900c00b4aa5d4ea44f77d
    2010-02-18 22:49 <DIR> --d----- c:\programdata\NOS
    2010-02-18 21:01 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2010-02-18 21:01 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2010-02-18 21:01 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2010-02-18 18:20 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
    2010-02-18 18:20 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
    2010-02-18 17:40 <DIR> --d----- c:\users\chris\appdata\roaming\Symantec
    2010-02-11 20:01 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-11 20:01 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys

    ==================== Find3M ====================

    2010-02-24 09:16 181,632 -------- c:\windows\system32\MpSigStub.exe
    2010-02-18 18:23 143,360 a------- c:\windows\inf\infstrng.dat
    2010-02-18 18:23 51,200 a------- c:\windows\inf\infpub.dat
    2010-02-18 18:23 86,016 a------- c:\windows\inf\infstor.dat
    2010-01-06 10:38 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2010-01-06 10:38 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
    2010-01-06 10:38 542,720 a------- c:\windows\apppatch\AcLayers.dll
    2010-01-06 10:38 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
    2010-01-02 01:38 916,480 a------- c:\windows\system32\wininet.dll
    2010-01-02 01:32 109,056 a------- c:\windows\system32\iesysprep.dll
    2010-01-02 01:32 71,680 a------- c:\windows\system32\iesetup.dll
    2010-01-01 23:57 133,632 a------- c:\windows\system32\ieUnatt.exe
    2009-12-20 20:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
    2009-12-18 16:32 196,199 a------- c:\windows\hpoins41.dat
    2009-12-04 13:30 12,288 a------- c:\windows\system32\tsbyuv.dll
    2009-12-04 13:29 1,314,816 a------- c:\windows\system32\quartz.dll
    2009-12-04 13:28 22,528 a------- c:\windows\system32\msyuv.dll
    2009-12-04 13:28 123,904 a------- c:\windows\system32\msvfw32.dll
    2009-12-04 13:28 31,744 a------- c:\windows\system32\msvidc32.dll
    2009-12-04 13:28 13,312 a------- c:\windows\system32\msrle32.dll
    2009-12-04 13:28 82,944 a------- c:\windows\system32\mciavi32.dll
    2009-12-04 13:28 50,176 a------- c:\windows\system32\iyuv_32.dll
    2009-12-04 13:27 91,136 a------- c:\windows\system32\avifil32.dll
    2009-11-17 03:23 665,600 a------- c:\windows\inf\drvindex.dat
    2009-08-05 22:40 356 a------- c:\users\chris\appdata\roaming\wklnhst.dat
    2008-07-19 02:05 635,525 a------- c:\users\chris\newcodec.exe
    2008-04-16 00:42 174 a--sh--- c:\program files\desktop.ini
    2007-10-23 12:51 243,226,648 a------- c:\users\chris\Desktop Software v4.2 SP2 (English).exe
    2007-10-23 11:01 442,335 a------- c:\users\chris\net_rim_theme_bb_today_240x260.zip
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 11:51:57.30 ===============
