I'm stuck.....

clcakes
2009-12-31, 19:21
I have picked something up on my computer. :( It is causing an insane amount of pop-ups and I can't get rid of it. I also cannot install Spybot S&D. When I try to, the computer reboots, and when it comes back on it gives me a message stating that Spybot has stopped working. These are the details under the message:

Problem signature:
Problem Event Name: APPCRASH
Application Name: SpybotSD.exe
Application Version: 1.6.2.46
Application Timestamp: 2a425e19
Fault Module Name: SpybotSD.exe
Fault Module Version: 1.6.2.46
Fault Module Timestamp: 2a425e19
Exception Code: 80000003
Exception Offset: 002e5bb0
OS Version: 6.0.6001.2.1.0.256.6
Locale ID: 1033
Additional Information 1: d18c
Additional Information 2: d916fd58afed57c995b7d8ef5bc81b76
Additional Information 3: 1534
Additional Information 4: c0e2885634414ca20f82a6a628faa4bd

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


I have run hijackthis and here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:38 AM, on 12/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\hkcmd.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=14482&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198686107\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\Windows\system32\winupdate86.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\Medical Transcriptio\AppData\Roaming\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12696 bytes

Any help would be greatly appreciated.......

Thank you!
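The question in this post is which of the O4 autostart entries in the HijackThis log deserve a closer look. Below is an added triage helper, written for this page and not part of the thread, of HijackThis or of Spybot S&D, that parses O4 Run-key lines and marks review candidates using three heuristics: the autostart binary lives under a user profile directory, the file name copies a Windows system binary (lsass.exe, svchost.exe, ...) but the path is outside the Windows directory, or the value name is itself an executable name. The sample input mixes lines copied from the log above with three constructed lines (marked in the code); the regular expressions, the system-binary list and the function names are the example's own assumptions, and the output is a list of entries for a human to review, not a verdict.

```python
"""Review aid for HijackThis O4 autostart entries (example code for this page)."""
import re
from typing import List, Optional

# Binaries that Windows itself only ever launches from under %SystemRoot%.
SYSTEM_BINARY_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "explorer.exe", "smss.exe"}

# O4 Run-key lines look like: O4 - HKLM\..\Run: [Name] command line
# (Global Startup .lnk lines have a different shape and are skipped here.)
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-1-5-\d+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Per-user profile locations: C:\Users\<name>\AppData\... and the XP-era equivalents.
USER_PROFILE_RE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\(appdata|application data|local settings)\\"
)
USER_ENV_PREFIXES = ("%appdata%", "%temp%", "%userprofile%", "%localappdata%")
WINDOWS_DIR_RE = re.compile(r"(\\windows\\|%systemroot%|%windir%)")


def extract_target(cmd: str) -> str:
    """Return the path of the file an O4 command line actually launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" args
        end = cmd.find('"', 1)
        target = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:] if end > 0 else ""
    else:                                        # C:\path\x.exe args  (cut at first .exe)
        m = re.match(r"(.*?\.exe)(.*)$", cmd, re.IGNORECASE)
        if not m:
            return cmd.split(" ")[0]
        target, rest = m.group(1), m.group(2)
    # rundll32 only hosts a DLL; the DLL named after it is the real payload.
    if target.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        payload = rest.strip().split(",")[0].split(" ")[0]
        if payload:
            return payload
    return target


def triage_o4(line: str) -> Optional[dict]:
    """Parse one HijackThis line; return None unless it is an O4 Run-key entry."""
    m = O4_RUN_RE.match(line)
    if not m:
        return None
    target = extract_target(m.group("cmd"))
    low = target.lower().replace("/", "\\")
    base = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if USER_PROFILE_RE.search(low) or low.startswith(USER_ENV_PREFIXES):
        reasons.append("launches from a user profile directory")
    if base in SYSTEM_BINARY_NAMES and not WINDOWS_DIR_RE.search(low):
        reasons.append(f"{base} is a Windows system binary name but the path is outside the Windows directory")
    if m.group("name").lower().endswith(".exe"):
        reasons.append("value name is itself an executable name")
    return {"hive": m.group("hive"), "name": m.group("name"),
            "target": target, "reasons": reasons}


def flag_suspicious(log_text: str) -> List[dict]:
    """Return the O4 entries that tripped at least one heuristic, in log order."""
    flagged = []
    for line in log_text.splitlines():
        info = triage_o4(line)
        if info and info["reasons"]:
            flagged.append(info)
    return flagged


# Sample input: lines copied from the HijackThis log in this post, plus three
# CONSTRUCTED lines (one benign Windows binary, one benign Program Files entry
# using a quoted path, one %APPDATA% entry) to exercise the other code paths.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [winupdate86.exe] C:\Windows\system32\winupdate86.exe
O4 - HKLM\..\Run: [Shell] C:\Windows\Explorer.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\Medical Transcriptio\AppData\Roaming\lsass.exe
O4 - HKCU\..\Run: [Quoted Vendor] "C:\Program Files\Vendor\tray app.exe" /silent
O4 - HKCU\..\Run: [Updater] "%APPDATA%\updater\upd.exe" /quiet
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

if __name__ == "__main__":
    for entry in flag_suspicious(SAMPLE_HJT_LINES):
        print(f"{entry['hive']} [{entry['name']}] -> {entry['target']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

The heuristics are deliberately narrow: a vendor helper in Program Files or a real Windows binary under C:\Windows never trips them, so the reviewer's list stays short, and anything it does list still needs the usual checks (file signature, hash lookup, creation date) before deciding it is unwanted.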

IndiGenus
2010-01-01, 01:31
Hi clcakes and welcome to the forums here at Spybot S&D.

I'd like to get a better look at things before we make any changes.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download this file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

clcakes
2010-01-01, 17:29
Happy New Year! Thanks for getting back to me -- I really appreciate the help.

I was able to do the first part that you requested (let me know if I didn't do the upload correctly) but I'm having problems with the 2nd program. It gets almost to the end and the computer reboots itself. I'm going to try again -- wish me luck!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 18:28:43.56 on Thu 12/31/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.800 [GMT -5:00]

SP: MalwareRemovalBot *disabled* (Updated) {17AEFC99-0DC8-4940-90B8-08A89D9706CF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Medical Transcriptio\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [<NO NAME>]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSWUpdate] c:\users\medical transcriptio\appdata\roaming\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 20:30:48 0 d-----w- c:\users\medica~1\appdata\roaming\MalwareRemovalBot
2009-12-30 20:28:28 0 d-----w- c:\program files\MalwareRemovalBot
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-29 10:04:17 487 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-29 10:03:16 160 ----a-w- c:\windows\system32\srcr.dat
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-04 21:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 12:41:32 244224 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:41:31 281600 ----a-w- c:\windows\system32\raschap.dll
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:31:13.81 ===============

IndiGenus
2010-01-01, 18:00
Per the instructions at the following post you must uninstall any and all P2P/BitTorrent/File Sharing Software prior to getting help here.

http://forums.spybot.info/showpost.php?p=218503&postcount=4


The AskBar.dll (Ask Toolbar) process can be removed to free up resources without compromising system performance. http://vil.nai.com/vil/content/v_146646.htm

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). A PUP is any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
Ben Edelman http://blogs.zdnet.com/Spyware/?p=858

I discourage users from running Ask's toolbars for two reasons. First, Ask moves the browser's Address Bar from top-left (where it is found in every browser I've ever seen) to top-right. Ask puts its own search box in the top-left. So Ask's software makes it highly likely that users will accidentally conduct searches when they intend simply to navigate to sites they request by name.

Second, Ask's toolbar leads to landing pages that are objectionable in their own right. Ask's landing pages show ten ads - ten! - above the first organic result. On a 800×600 screen, that means 2 full pages of ads, plus a little bit more after that, all before the first organic result. That's ridiculous. No user deserves that, especially since organic results are safer than sponsored links.
It is advised that you uninstall this program to protect your privacy and computer security and to free up necessary resources. To uninstall the Ask Toolbar:
Click Start > Control Panel.
In Control Panel, double-click Uninstall Programs.
In Add or Remove Programs, highlight Ask Toolbar, then click Remove.
Close the Add or Remove Programs and the Control Panel windows.
Using Windows Explorer (Windows key+e), search for the Ask Toolbar folder. If the program folder is still there, select/highlight the Ask Toolbar folder. DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.


Please do that, run DDS again, and post the log.

clcakes
2010-01-01, 20:09
Thanks! I'm still trying to do part #2. The computer is in safe mode running the program now, but it is just taking forever. I will follow through with the next set of instructions as soon as I can get that computer back online.

I really appreciate all of your help - thank you. BTW I'm in NE too....hope you don't get too much snow tomorrow w/the storm....

IndiGenus
2010-01-01, 20:13
Don't worry too much if the GMER scan won't go. Just move ahead with uninstalling uTorrent and we'll proceed with the fix after that.

What part of NE? I'm in MA, southeastern.

clcakes
2010-01-01, 20:52
ok thanks - I'll shut it down then and proceed to the next step.

I'm in Southern NH - I don't think we will be getting too much. Maybe just a couple of inches......

clcakes
2010-01-01, 21:18
I *think* I got rid of everything....here you go........


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 13:11:30.83 on Fri 01/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.666 [GMT -5:00]

SP: MalwareRemovalBot *disabled* (Updated) {17AEFC99-0DC8-4940-90B8-08A89D9706CF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Medical Transcriptio\Downloads\dds(2).scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [<NO NAME>]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSWUpdate] c:\users\medical transcriptio\appdata\roaming\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 20:30:48 0 d-----w- c:\users\medica~1\appdata\roaming\MalwareRemovalBot
2009-12-30 20:28:28 0 d-----w- c:\program files\MalwareRemovalBot
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-29 10:04:17 873 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-29 10:03:16 199 ----a-w- c:\windows\system32\srcr.dat
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-04 21:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 12:41:32 244224 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:41:31 281600 ----a-w- c:\windows\system32\raschap.dll
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:14:12.68 ===============
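
The "Pseudo HJT Report" sections of both DDS logs in this thread (the earlier one and the one just above) list autorun entries (uRun/mRun values, BHOs, toolbars) that a helper reads by eye for things that do not belong. The script below is an added example, not part of this thread and not code from DDS or Spybot: it parses those line types and applies a few triage heuristics that are my own assumptions (an entry whose file is missing, an unnamed value, an image under a user-profile directory, a system-binary name such as lsass.exe outside the Windows directories, a Run value named after its own executable). The sample lines are copied from the log above; anything it flags is a candidate for a human to check, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the "Pseudo HJT Report" section of the DDS log posted
# above; they stand in for a full log so the script runs offline.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [MSWUpdate] c:\users\medical transcriptio\appdata\roaming\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
"""

# Heuristics (my assumptions, not DDS rules): each flags an entry for a human
# to look at; none of them proves the entry is malicious.
R_ORPHAN = "orphan: registered component has no file on disk"
R_EMPTY = "empty command: value names no executable"
R_UNNAMED = "unnamed value"
R_USERDIR = "runs from a user-writable profile directory"
R_SYSNAME = "system-binary name outside its normal directory"
R_SELFNAME = "value named after its own executable (weak signal)"

SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "services.exe",
                "winlogon.exe", "wininit.exe", "explorer.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")
USER_DIRS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<kind>[um]Run|BHO|TB):\s*(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
COM_RE = re.compile(r"^(?:(?P<desc>.*?):\s*)?(?P<clsid>\{[0-9a-f-]+\})\s*-\s*(?P<path>.*)$", re.I)
IMAGE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com|bat|cmd))"?(?=\s|$)', re.I)


@dataclass
class Finding:
    kind: str          # uRun, mRun, BHO or TB
    name: str          # Run value name, or the BHO/TB description (CLSID if none)
    path: str          # image path, lower-cased; "" if none could be extracted
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Turn one DDS line into a Finding, or None for line types we do not triage."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind.endswith("Run"):
        r = RUN_RE.match(rest)
        if not r:
            return None
        img = IMAGE_RE.match(r.group("cmd").strip())
        return Finding(kind, r.group("name"), img.group("path").lower() if img else "")
    c = COM_RE.match(rest)
    if not c:
        return None
    return Finding(kind, c.group("desc") or c.group("clsid"), c.group("path").strip().lower())


def assess(f):
    """Attach every heuristic that matches; an empty list means nothing stood out."""
    if f.kind in ("BHO", "TB") and f.path == "no file":
        f.reasons.append(R_ORPHAN)
    if f.kind.endswith("Run") and not f.path:
        f.reasons.append(R_EMPTY)
    if f.name.strip("<>").strip().lower() in ("", "no name"):
        f.reasons.append(R_UNNAMED)
    if f.path and f.path != "no file":
        if any(seg in f.path for seg in USER_DIRS):
            f.reasons.append(R_USERDIR)
        base = f.path.rsplit("\\", 1)[-1]
        folder = f.path[: len(f.path) - len(base)]
        if base in SYSTEM_NAMES and not folder.endswith(SYSTEM_DIRS):
            f.reasons.append(R_SYSNAME)
        if f.kind.endswith("Run") and f.name.lower() == base:
            f.reasons.append(R_SELFNAME)
    return f


def triage(log_text):
    """Return only the entries that tripped at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        f = parse_entry(line)
        if f is not None and assess(f).reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:5} [{f.name}] {f.path or '-'}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it against a full DDS log with `triage(open("dds.txt").read())`. The regular expressions deliberately cut the image path at the first `.exe`/`.dll` that is followed by a space or the end of the line, so quoted paths with arguments and rundll32 hosts parse without splitting on the spaces inside "Program Files".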

IndiGenus
2010-01-01, 21:23
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated HijackThis log and let me know how it's running.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

clcakes
2010-01-01, 21:50
I'm having a hard time with ComboFix. One download crashes as soon as I try to run it. The second *looks* like it is trying to load (green progress bar) then it doesn't do anything......

IndiGenus
2010-01-01, 22:26
Let's see if we can use another tool to clean up some of the malware, then we can try ComboFix again afterwards.

Run OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
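
The /md5start ... /md5stop block in the custom scan above asks OTL to report an MD5 for each named file so the helper can compare it against known-good values and notice a system file or storage driver whose contents no longer match what the vendor shipped. The script below is an added example of that check, not OTL's code and not part of this thread: it walks a directory for the same file names, records MD5 (the digest the hash tables are keyed on) alongside SHA-256 (because MD5 collisions are practical, a match on MD5 alone should not be the last word), keeps every copy of a name it finds, and diffs two inventories. The `demo()` fixture is a constructed temporary tree, not a real Windows directory.

```python
import hashlib
import os

# File names copied from the /md5start ... /md5stop list in the OTL
# instructions above.
WATCHED = ["eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
           "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
           "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
           "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
           "eNetHook.dll", "ahcix86.sys", "KR10N.sys"]


def digests(path, chunk=1 << 20):
    """MD5 (to match OTL/vendor hash tables) and SHA-256 (collision-resistant) of a file."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def inventory(root, names=WATCHED):
    """Hash every file under `root` whose name is on the list (case-insensitive).

    Result: {lower-case name: {path relative to root: (size, md5, sha256)}}.
    Every copy of a name is kept: a second atapi.sys outside the drivers
    directory is exactly the kind of thing the hash list exists to surface.
    """
    wanted = {n.lower() for n in names}
    found = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower() not in wanted:
                continue
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                md5, sha = digests(full)
                rec = (os.path.getsize(full), md5, sha)
            except OSError as exc:
                # A watched file we cannot read is a finding in its own right.
                rec = ("unreadable", str(exc), "")
            found.setdefault(fn.lower(), {})[rel] = rec
    return found


def compare(baseline, current):
    """Diff two inventories by SHA-256: changed, missing and newly appeared copies."""
    report = {"changed": [], "missing": [], "new": []}
    for name, paths in baseline.items():
        for rel, rec in paths.items():
            cur = current.get(name, {}).get(rel)
            if cur is None:
                report["missing"].append(rel)
            elif cur[2] != rec[2]:
                report["changed"].append(rel)
    for name, paths in current.items():
        for rel in paths:
            if rel not in baseline.get(name, {}):
                report["new"].append(rel)
    return report


def write_bytes(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed fixture, not a real Windows directory: baseline a throwaway
    tree, tamper with it the way the hash list is meant to catch, and diff."""
    import tempfile
    root = tempfile.mkdtemp(prefix="md5demo_")
    sys32 = os.path.join(root, "System32")
    drivers = os.path.join(sys32, "drivers")
    os.makedirs(drivers)
    write_bytes(os.path.join(drivers, "atapi.sys"), b"original atapi.sys bytes")
    write_bytes(os.path.join(sys32, "scecli.dll"), b"original scecli.dll bytes")
    write_bytes(os.path.join(sys32, "unrelated.dll"), b"not on the watch list")
    baseline = inventory(root)
    write_bytes(os.path.join(drivers, "atapi.sys"), b"patched atapi.sys bytes")     # patched driver
    os.remove(os.path.join(sys32, "scecli.dll"))                                    # removed DLL
    write_bytes(os.path.join(root, "atapi.sys"), b"a second copy somewhere odd")    # stray copy
    return root, baseline, compare(baseline, inventory(root))


if __name__ == "__main__":
    root = os.path.join(os.environ.get("SystemRoot", ""), "System32") if os.name == "nt" else None
    if root:
        for name, copies in sorted(inventory(root).items()):
            for rel, (size, md5, _sha) in copies.items():
                print(f"{md5}  {size:>9}  {rel}")
    else:
        print(demo()[2])
```

On a Windows machine the main block prints the same kind of name/MD5 table OTL produces for the list; saving one `inventory()` from a known-clean build and feeding it to `compare()` later turns that into a change report, which is more useful than a single snapshot when no vendor hash table is at hand.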

clcakes
2010-01-01, 22:39
OTL.txt:

OTL logfile created on: 1/1/2010 2:29:41 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Medical Transcriptio\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 14.83 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 12.05 Gb Total Space | 6.73 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive E: | 1.98 Gb Total Space | 1.78 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTY-PC
Current User Name: Medical Transcriptio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/01 14:27:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Medical Transcriptio\Downloads\OTL.exe
PRC - [2009/12/23 04:30:26 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/23 04:30:25 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/18 11:10:14 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/23 02:55:40 | 00,707,704 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009/09/04 13:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/01/21 22:48:48 | 00,222,592 | R--- | M] (Adobe Systems, Inc.) -- C:\windows\System32\Macromed\Flash\FlashUtil9h.exe
PRC - [2009/01/07 07:38:43 | 00,705,832 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
PRC - [2008/09/24 13:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/06/09 09:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 09:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/24 19:54:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxtray.exe
PRC - [2007/08/24 19:54:10 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxsrvc.exe
PRC - [2007/08/24 19:54:08 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxpers.exe
PRC - [2007/08/24 19:54:00 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\windows\System32\hkcmd.exe
PRC - [2007/08/07 12:59:50 | 00,540,184 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/08/07 12:59:48 | 00,331,288 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2007/07/09 19:03:00 | 00,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/06/07 10:38:14 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/07 10:38:10 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/07 10:38:00 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
PRC - [2007/05/23 16:04:02 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IFXSPMGT.exe
PRC - [2007/05/23 15:37:42 | 00,853,536 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IFXTCS.exe
PRC - [2007/05/01 20:09:24 | 01,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/04/26 07:10:10 | 01,261,568 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/04/18 21:35:38 | 00,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/04/18 21:32:38 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IfxPsdSv.exe
PRC - [2007/04/18 21:30:00 | 00,550,432 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IfxUAGUI.exe
PRC - [2007/03/21 15:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/06 20:30:00 | 00,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/02/06 01:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\System32\AEADISRV.EXE
PRC - [2007/01/09 17:52:36 | 00,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/02 21:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 21:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe


========== Modules (SafeList) ==========

MOD - [2010/01/01 14:27:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Medical Transcriptio\Downloads\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/02/25 22:49:00 | 00,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\windows\System32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/23 04:30:25 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/04 13:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/24 13:32:48 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/09 09:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/25 15:31:22 | 00,072,704 | ---- | M] (WoltersKluwerLWW) [On_Demand | Stopped] -- C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe -- (LWWLicenseService)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/07 12:59:50 | 00,540,184 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/09 19:03:00 | 00,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/06/07 10:38:14 | 02,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/06/07 10:38:10 | 00,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/06/07 10:38:00 | 00,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/05/23 16:04:02 | 00,677,408 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\windows\System32\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2007/05/23 15:37:42 | 00,853,536 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\windows\System32\IFXTCS.exe -- (IFXTCS)
SRV - [2007/04/18 21:32:38 | 00,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/03/21 15:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/06 20:30:00 | 00,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/06 01:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/02 21:38:02 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/12/10 23:29:24 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/07/03 15:22:58 | 00,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/06/22 00:14:00 | 00,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=14482&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2009/10/17 20:52:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 11:10:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/01 03:01:01 | 00,000,000 | ---D | M]

[2009/11/13 17:17:24 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Mozilla\Extensions
[2010/01/01 13:19:02 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Mozilla\Firefox\Profiles\javw7hc6.default\extensions
[2009/11/13 17:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (800 bytes) - C:\windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 # LMS GENERATED LINE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Windows\System32\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Persistence] C:\windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winupdate86.exe] C:\Windows\System32\winupdate86.exe File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Medical Transcriptio\AppData\Roaming\lsass.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/23 11:52:22 | 00,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/30 06:52:17 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bae44ae9-b3f7-11dc-b508-00038a000015}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O33 - MountPoints2\{bae44aee-b3f7-11dc-b508-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{bae44aee-b3f7-11dc-b508-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias [2008/10/28 17:49:26 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/01 14:13:40 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/01 13:37:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/31 11:03:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/31 09:43:49 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/12/30 21:41:51 | 00,000,000 | ---D | C] -- C:\d36eaf4d68bef20749ed699a
[2009/12/30 21:00:36 | 00,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO64.sys
[2009/12/30 21:00:36 | 00,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIOApi.dll
[2009/12/30 21:00:36 | 00,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO.sys
[2009/12/30 21:00:36 | 00,011,904 | ---- | C] (ANI ) -- C:\Windows\System32\anio4.sys
[2009/12/30 21:00:24 | 01,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2009/12/30 21:00:24 | 00,663,552 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIWZCS2.dll
[2009/12/30 21:00:24 | 00,196,608 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\WlanApp.dll
[2009/12/30 21:00:24 | 00,184,320 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\aIPH.dll
[2009/12/30 21:00:24 | 00,057,407 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANICtl.dll
[2009/12/30 21:00:24 | 00,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\AQCKGen.dll
[2009/12/30 21:00:24 | 00,000,000 | ---D | C] -- C:\Program Files\ANI
[2009/12/30 19:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/30 15:36:35 | 00,000,000 | ---D | C] -- C:\55ca3c2950db9fa8c1f60fb8ceba
[2009/12/30 15:30:48 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot
[2009/12/30 15:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\MalwareRemovalBot
[2009/12/29 21:28:57 | 00,000,000 | ---D | C] -- C:\0626a7d6b1686d3664116dc6b72f3d
[2009/12/29 20:02:19 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/12/29 19:28:08 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\Uniblue
[2009/12/29 17:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2009/12/29 17:22:56 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Local\ApplicationHistory
[2009/12/29 17:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/12/29 17:17:43 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/12/29 17:11:06 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/12/29 16:16:26 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Local\Tific
[2009/12/29 16:16:25 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\Tific
[2009/12/29 16:15:28 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\AVG8
[2009/12/29 15:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/29 15:55:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/12/29 15:51:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/12/29 13:56:31 | 00,000,000 | ---D | C] -- C:\8f769eca39453ab529768da9b6f60b2d
[2009/12/29 12:56:59 | 00,000,000 | ---D | C] -- C:\34df1b089c6347b81781d7728f
[2009/12/29 12:03:50 | 00,000,000 | ---D | C] -- C:\d240aec59b299a30ff68c9
[2009/12/29 11:08:59 | 00,000,000 | ---D | C] -- C:\c891f66fbd98def760
[2009/12/29 10:59:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/12/29 10:59:28 | 00,000,000 | ---D | C] -- C:\5fa6c63c152843e01729cf3619a0e589
[2009/12/29 10:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/12/29 10:18:13 | 00,000,000 | ---D | C] -- C:\4281221f06b1cf30841743
[2009/12/29 10:15:33 | 00,000,000 | ---D | C] -- C:\0be319f2efcd1b5e6d3413d7
[2009/12/29 08:35:48 | 00,000,000 | ---D | C] -- C:\b3bf961c2f57de6aacf2a473
[2009/12/29 08:06:34 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Medical Transcriptio\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/26 17:17:52 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\Leadertech
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Documents\*.tmp files -> C:\Users\Medical Transcriptio\Documents\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Desktop\*.tmp files -> C:\Users\Medical Transcriptio\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/01 14:31:44 | 04,194,304 | -HS- | M] () -- C:\Users\Medical Transcriptio\NTUSER.DAT
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED685222-1AC4-4F25-AD9D-144AAE95E65F}.job
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{467C3339-6B4F-4E8D-A30F-28B400872803}.job
[2010/01/01 14:30:00 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{287F291C-9DC6-46E8-97FD-FEF76861EFB0}.job
[2010/01/01 14:14:02 | 00,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C5E9871D-6D60-4EB1-9DB8-48047F733DAC}.job
[2010/01/01 13:44:34 | 00,000,202 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2010/01/01 13:44:11 | 00,000,392 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
[2010/01/01 13:44:11 | 00,000,352 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2010/01/01 13:43:42 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/01 13:43:41 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/01 13:43:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 13:43:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/01 13:42:34 | 00,524,288 | -HS- | M] () -- C:\Users\Medical Transcriptio\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/01/01 13:42:34 | 00,065,536 | -HS- | M] () -- C:\Users\Medical Transcriptio\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/01/01 13:42:25 | 04,279,058 | -H-- | M] () -- C:\Users\Medical Transcriptio\AppData\Local\IconCache.db
[2010/01/01 13:41:04 | 00,000,973 | ---- | M] () -- C:\Users\Medical Transcriptio\Desktop\ComboFix(2) - Shortcut.lnk
[2010/01/01 02:59:59 | 00,000,574 | ---- | M] () -- C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job
[2010/01/01 00:00:00 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Christy-PC_Russell.job
[2009/12/31 19:19:11 | 00,000,873 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/31 17:00:00 | 00,000,364 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/12/31 12:00:00 | 00,000,452 | ---- | M] () -- C:\Windows\tasks\ErrorFix Scan.job
[2009/12/31 11:03:18 | 00,001,912 | ---- | M] () -- C:\Users\Medical Transcriptio\Desktop\HijackThis.lnk
[2009/12/31 10:44:19 | 00,001,093 | ---- | M] () -- C:\Users\Medical Transcriptio\Desktop\Spybot - Search & Destroy.lnk
[2009/12/31 03:04:00 | 00,000,346 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/12/30 21:42:08 | 00,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2009/12/30 21:12:45 | 00,769,132 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/30 21:12:45 | 00,650,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/30 21:12:45 | 00,122,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/30 20:17:21 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/29 17:22:59 | 00,000,108 | ---- | M] () -- C:\Users\Medical Transcriptio\AppData\Local\fusioncache.dat
[2009/12/29 08:06:40 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Medical Transcriptio\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/29 05:02:38 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2009/12/28 04:20:19 | 00,139,776 | ---- | M] () -- C:\Users\Medical Transcriptio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/24 06:47:29 | 02,077,184 | ---- | M] () -- C:\Users\Medical Transcriptio\Documents\Carmel labels.doc
[2009/12/23 12:29:59 | 00,158,720 | ---- | M] () -- C:\Users\Medical Transcriptio\Documents\Cocoa labels.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Documents\*.tmp files -> C:\Users\Medical Transcriptio\Documents\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Desktop\*.tmp files -> C:\Users\Medical Transcriptio\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 13:41:04 | 00,000,973 | ---- | C] () -- C:\Users\Medical Transcriptio\Desktop\ComboFix(2) - Shortcut.lnk
[2009/12/31 11:03:18 | 00,001,912 | ---- | C] () -- C:\Users\Medical Transcriptio\Desktop\HijackThis.lnk
[2009/12/31 10:44:19 | 00,001,093 | ---- | C] () -- C:\Users\Medical Transcriptio\Desktop\Spybot - Search & Destroy.lnk
[2009/12/30 21:42:08 | 00,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2009/12/30 21:00:36 | 00,016,997 | ---- | C] () -- C:\Windows\System32\ANIO.VXD
[2009/12/30 21:00:24 | 00,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2009/12/30 15:30:48 | 00,000,574 | ---- | C] () -- C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job
[2009/12/29 18:11:14 | 00,000,364 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/12/29 18:11:14 | 00,000,352 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009/12/29 18:11:13 | 00,000,346 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009/12/29 17:22:59 | 00,000,108 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Local\fusioncache.dat
[2009/12/29 05:04:17 | 00,000,873 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/29 05:03:16 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/12/29 05:02:38 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/24 06:47:26 | 02,077,184 | ---- | C] () -- C:\Users\Medical Transcriptio\Documents\Carmel labels.doc
[2009/12/23 12:29:58 | 00,158,720 | ---- | C] () -- C:\Users\Medical Transcriptio\Documents\Cocoa labels.doc
[2009/11/18 18:03:53 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/28 14:30:38 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/03/23 11:48:39 | 00,000,174 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Roaming\default.rss
[2008/12/20 11:11:29 | 00,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/12/20 10:20:21 | 00,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2008/12/19 18:44:32 | 00,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2008/05/21 19:36:37 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/05/19 16:58:58 | 00,028,915 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Roaming\UserTile.png
[2008/04/01 10:09:12 | 00,000,680 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Local\d3d9caps.dat
[2008/03/30 14:22:14 | 00,139,776 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/16 11:58:29 | 00,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008/01/16 11:58:28 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/12/26 11:30:00 | 00,003,887 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/10/30 06:35:57 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/10/30 06:35:57 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/10/30 06:35:57 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/10/30 06:35:57 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/10/30 06:35:57 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/10/30 06:35:57 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/10/18 09:12:20 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 01,838,408 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2007/10/18 09:03:58 | 01,399,880 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/18 09:03:58 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/24 19:46:48 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 19:38:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/13 19:53:28 | 00,101,167 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2007/05/31 06:14:00 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 05:01:22 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/05/06 21:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2008/07/14 13:51:23 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\ArcticLine
[2009/12/30 20:52:13 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\CyberScrub
[2009/02/28 08:36:42 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix
[2009/05/02 20:21:23 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Friday's games
[2008/03/24 11:06:12 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Infineon
[2008/05/30 15:24:47 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\InterVideo
[2009/12/26 17:17:52 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Leadertech
[2008/06/30 12:30:19 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\LockLizard
[2009/12/30 17:10:05 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot
[2008/04/29 17:55:46 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\NCH Swift Sound
[2008/05/12 18:25:09 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Participatory Culture Foundation
[2008/05/12 18:34:23 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\PCF-VLC
[2008/05/19 16:58:58 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\PeerNetworking
[2008/05/16 19:38:02 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\SampleView
[2009/12/29 16:16:25 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Tific
[2009/12/14 12:22:01 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Titanium
[2009/12/29 19:28:08 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Uniblue
[2009/12/31 12:00:00 | 00,000,452 | ---- | M] () -- C:\windows\Tasks\ErrorFix Scan.job
[2010/01/01 13:44:11 | 00,000,392 | ---- | M] () -- C:\windows\Tasks\ErrorFix Startup.job
[2010/01/01 02:59:59 | 00,000,574 | ---- | M] () -- C:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
[2009/12/31 17:00:00 | 00,000,364 | ---- | M] () -- C:\windows\Tasks\RegCure Program Check.job
[2010/01/01 13:44:11 | 00,000,352 | ---- | M] () -- C:\windows\Tasks\RegCure Startup.job
[2009/12/31 03:04:00 | 00,000,346 | ---- | M] () -- C:\windows\Tasks\RegCure.job
[2010/01/01 13:42:38 | 00,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2010/01/01 14:30:00 | 00,000,416 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{287F291C-9DC6-46E8-97FD-FEF76861EFB0}.job
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{467C3339-6B4F-4E8D-A30F-28B400872803}.job
[2010/01/01 14:14:02 | 00,000,448 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{C5E9871D-6D60-4EB1-9DB8-48047F733DAC}.job
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{ED685222-1AC4-4F25-AD9D-144AAE95E65F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/12 15:32:25 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008/01/12 15:32:25 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/12 15:32:25 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 14:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\swsetup\Drivers\MSD\RAID\Intel\ICH9\IaStor.sys
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\windows\System32\drivers\iaStor.sys
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 14:59:30 | 00,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\windows\System32\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:F59BA980
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:05D195EC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B4AF47A7
< End of report >

clcakes
2010-01-01, 22:41
OTL Extras logfile created on: 1/1/2010 2:29:41 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Medical Transcriptio\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 14.83 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 12.05 Gb Total Space | 6.73 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive E: | 1.98 Gb Total Space | 1.78 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTY-PC
Current User Name: Medical Transcriptio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB1E922-F4B0-480E-8720-C27517D0294F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{348278FF-99F4-48AD-BEA0-E0C3CAA7E9AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49A06CEE-B538-4282-9F99-65BD66AC12B0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{533F4BED-F47B-4675-B217-35F89EE178DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B6C7B26-38C0-4EF7-82EB-BE8CEAD3A622}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{5DC8ED4F-377F-4AEF-9E17-C0D6D4534CCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F70A375-3630-4D1B-9CDC-983F38EB0B98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68EB48DC-2456-438C-8F76-4EA51F2C240E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7EEAD12F-370C-4081-80EA-1BE0A426034B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDAF10BA-DF47-4A25-939D-3503C9D5F747}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C448D6DC-BF0C-40FA-8B88-91A4EE6D25BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB66F24E-52E2-4E83-9B70-36D3161747C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E51662BF-A0FA-40AD-9BBA-65C997F216DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F35CA1C7-E347-4766-82DD-25F6C4B39136}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEB2BF8E-6442-485B-B7C2-D4DD69F1E38F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0156CD0E-9E02-4550-8F22-6165CCBB8428}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{02D2C5F2-8AB1-4D0B-A1D8-559A92B9F475}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{0A285135-EBE5-4E61-8DCB-B88B821134A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11D5ED47-DE2A-428F-B21E-839E1417CD5B}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{141262CC-8CB2-466F-8ECC-8C709B67C78A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{29023DBD-7659-4B59-9AB4-C987F8DD2C15}" = protocol=6 | dir=out | app=system |
"{2CDCFF4F-3D23-471E-9EB3-DF60B4CE24E4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{2DFFABE4-77AF-4C88-B723-8848CE934B14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35802633-5850-4A6E-8E91-6F6F5382D5E4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3EF5830A-2F35-4874-8A03-ABE85E586E31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{530DE124-4BB6-474F-B8A9-85517BCD6536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1198686107\ee\aolsoftware.exe |
"{53453F01-2A81-44A8-9406-2C92358182AB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1198686107\ee\aolsoftware.exe |
"{5E41B9FC-B7F2-48F9-A00F-9AEDF0450EC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{616C5807-7959-4B3A-8C90-349A3EDC322C}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{61993283-B497-4AD1-ADDF-EB248457BD27}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{62C83358-9BB9-4E11-97DF-8970D59BFF99}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{6C28B361-3B61-4D6B-8DA0-E24E3036BEE9}" = protocol=6 | dir=out | app=system |
"{6D036330-6643-40AF-B665-2652E0A1D610}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6E66E9F7-9F8F-4439-BE4F-667A391873DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6E69A1CB-D0D9-4A3F-93D4-1F0E2CBFD31B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{7065B784-D1C7-4B62-ABE0-512D619E31DC}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{7A27B9B8-85EB-432F-AE58-0105679F58C4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{89F971EF-4E37-4F1C-81C5-432F5F5C981F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E4B0B7A-97FF-449C-8584-68F956E13F1B}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{92BCC00A-2A46-4E01-8342-56730C20CC7D}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{93508874-8B48-4DBC-8864-46FDAA788D12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D9C16FC-79CA-4E33-AA09-D031CB02DC47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A191B507-B45F-4A27-8543-207B0B619FF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A2DEC7BE-8A97-401C-8405-83739E8D1CC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A34D7E37-55BF-43E9-A669-0FCF1D32CF27}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A35F9037-BEF2-4E2E-B010-1E7C28592FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAFAA501-F3C9-4AC9-B517-23FC031E1C18}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B02A473B-54CD-4857-9D21-C9CDDFEA067E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B17507A1-ADD1-4644-96D3-1645AAD4771F}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{B41D98EE-755E-4AA7-98E2-A8F6539D2447}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B4DFF210-C92D-4826-99CB-F18FD84C382C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{C53C5407-4BCD-4357-BDB0-960193C6CE71}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C624126B-2D69-46EA-A0DD-8AFF2131FDDF}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{E11D420D-A29C-402E-B3C6-55E0C89A168C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E5FF7EC2-6D6D-4727-8A2C-B8084373FAB5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8988E5E-A1F3-4984-A9A1-C7F77BD04164}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6DA0374-A36E-4AF1-8B4E-A3013DD7A8A2}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{F813AE5F-6BEE-4626-831F-1F7ED7BD4351}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{F920459C-5DD3-4C13-9428-780AACB15D62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD98328D-33D7-4946-A6E5-C1C85BDA53F1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{0D5882AB-41B7-472F-80BE-E8CBA8E7B3F3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2540D378-F249-4AA5-BDDA-1A7821C2A876}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{90C6F8C0-C84B-4263-8AD0-E8BCE1B1BD37}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A3554BE4-4C78-4040-9CE9-44908690306D}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{AD5C1B61-8421-4B33-AC1F-71899EC0505D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{B3BE6535-6BCB-4CA3-A3D9-F8CCA89B92B8}C:\program files\zapu\zapu accelerator\webseed_dl.exe" = protocol=6 | dir=in | app=c:\program files\zapu\zapu accelerator\webseed_dl.exe |
"TCP Query User{BAC9A91A-9542-4255-8BB5-21D58FDE112E}C:\program files\zapu\zapu accelerator\wdivi.exe" = protocol=6 | dir=in | app=c:\program files\zapu\zapu accelerator\wdivi.exe |
"TCP Query User{C2EC5093-E7B9-43C4-A203-9B6A82EAD0E7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D566E1FD-E5AB-4C2B-8B6C-4C2A49983AB8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{E299E0B6-D858-45CC-9B39-5CF89E8DECAA}C:\program files\windows media components\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{2C517A6A-E168-4EC9-A93B-3FB3CE717A9B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{7E36F5D2-B352-499F-BE9E-CF1BF5B212D8}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{91335E6E-5E1F-4A10-B73E-D13B650BDAD9}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{936B51F2-A5D2-453A-9241-BB8369B7C7A6}C:\program files\zapu\zapu accelerator\webseed_dl.exe" = protocol=17 | dir=in | app=c:\program files\zapu\zapu accelerator\webseed_dl.exe |
"UDP Query User{B7F8C825-6D3B-4375-8831-155ADFA44870}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C4079358-967E-408E-8B08-8D0EEFE5E2D1}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{CAB28921-5A67-4A79-A3CF-6A19414C3639}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{CEAC6E35-4E59-4F44-9EFB-1F02838EDD47}C:\program files\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{E56651E3-C2DA-46CB-821B-18EBF658EC1F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{FD988102-3070-4B6A-8073-871D2F0652F6}C:\program files\zapu\zapu accelerator\wdivi.exe" = protocol=17 | dir=in | app=c:\program files\zapu\zapu accelerator\wdivi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C8646E4-DC54-4E6D-95EA-C3524B09223E}" = Ready Reference Bookshelf
"{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help
"{2AD74810-E122-4D37-9CE8-EC4BF9A065CC}" = Drive Encryption for HP ProtectTools
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE7A046-E66F-49B8-93C9-21378D9B0F24}" = Cisco Network Magic
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.14.1
"{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7AA60EDE-3CF6-4F15-9F69-37E415620E3B}" = Pinnacle Mobile Media Converter
"{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7EB6E297-9F68-449B-BE88-48B1AE275CF0}" = Natalie Brooks: The Treasures of the Lost Kingdom
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89D3EF5A-C9F4-44D1-B4F7-1B99D5D4F2D0}" = PH Science Explorer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B1F92C4-4358-4B76-8631-0A768A34F0A1}" = Quick Look Electronic Drug Reference 2007
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40DCEFF-9B7B-4c36-B4FA-6CE7EABFB4B8}" = K5400
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{e6376152-2c26-404c-a704-64cdf3600738}" = Nero 9
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}" = Embedded Security for HP ProtectTools
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FA0CE30A-B8EF-4b6b-85BF-D2B2C354A32C}" = ProductContext
"{FB5CB59C-D4F6-4303-A414-83D533EE773B}" = Pure Networks Platform
"{FBA70FCC-BD23-4120-BA30-3E0DDF66AE82}" = 5300_5400_Readme
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Beginning Medical Transcription 2nd edition_is1" = Beginning Medical Transcription Version 2nd edition version 1.1
"Beginning Medical Transcription_is1" = Beginning Medical Transcription Version 2.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DVDx_is1" = DVDx
"Fiddler2" = Fiddler2
"Free Realms Installer" = Free Realms Installer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ImTOO MOV Converter" = ImTOO MOV Converter
"Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.50
"MediaCoder" = MediaCoder 0.6.0
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MostFun.com Games - Natalie Brooks: The Treasures of the Lost Kingdom" = MostFun.com Games - Natalie Brooks: The Treasures of the Lost Kingdom (remove only)
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Network MagicUninstall" = Network Magic
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"PROR" = Microsoft Office Professional 2007
"PROSetDX" = Intel(R) PRO Network Connections 12.1.14.1
"Rosetta Stone 2.1.5.1A" = Rosetta Stone 2.1.5.1A
"SoundTap" = SoundTap
"Super Collapse! II" = Super Collapse! II
"The AAMT Book of Style Electronic 2E" = The AAMT Book of Style Electronic 2E 1.0
"ToolBox" = NCH Toolbox Uninstall
"Uninstaller_B4D93000_Quick Look Electronic Drug Reference 2007" = Quick Look Electronic Drug Reference 2007 (Shared Components)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
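Two sections of the OTL report above are worth cross-checking against each other: the Windows Firewall "Query User" exceptions (protocol 17 is UDP, dir=in is an inbound allow for that executable) and the HKLM uninstall list. A quick triage question is whether every program that has been granted an inbound exception corresponds to something the uninstall list says is installed. The following is an added example, not code from the thread or from the OTL tool, that parses both sections and flags exceptions with no matching product; the sample text is constructed from the lines shown above (abbreviated), the STOPWORDS list is an assumption, and the match is a loose substring heuristic, so a hit means "look at this", not "this is malicious".

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the OTL format shown above: the three firewall exception
# lines and a few uninstall entries, copied from the log (the full list is longer).
OTL_SAMPLE = r'''
"UDP Query User{CEAC6E35-4E59-4F44-9EFB-1F02838EDD47}C:\program files\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{E56651E3-C2DA-46CB-821B-18EBF658EC1F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{FD988102-3070-4B6A-8073-871D2F0652F6}C:\program files\zapu\zapu accelerator\wdivi.exe" = protocol=17 | dir=in | app=c:\program files\zapu\zapu accelerator\wdivi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
'''

ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<rest>.*)$')
SECTION_RE = re.compile(r'^=+\s*(?P<title>.+?)\s*=+$')

# Folder words too generic to tie an executable to a product name (assumption:
# tune this list for the logs you actually see).
STOPWORDS = {"windows", "program", "files", "common", "networks", "software", "system"}


def parse_otl(text):
    """Return the firewall 'Query User' exceptions and the uninstall list as records."""
    rules, products = [], []
    section = "firewall"  # the sample starts inside the exception list
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = "uninstall" if "Uninstall" in sec.group("title") else "other"
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        if section == "firewall" and "Query User" in name:
            fields = {}
            for part in rest.split("|"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    fields[key.strip()] = value.strip()
            rules.append({"name": name, "protocol": fields.get("protocol"),
                          "dir": fields.get("dir"), "app": fields.get("app", "").lower()})
        elif section == "uninstall":
            products.append((name, rest.strip()))
    return {"firewall_rules": rules, "uninstall": products}


def _product_tokens(app):
    """Words from the vendor folder under Program Files plus the exe stem."""
    path = PureWindowsPath(app)
    parts = [p.lower() for p in path.parts]
    vendor = path.parent.name
    for i, part in enumerate(parts):
        if part in ("program files", "program files (x86)") and i + 1 < len(parts) - 1:
            vendor = parts[i + 1]
            break
    words = set(re.findall(r"[a-z0-9]+", vendor)) | {path.stem.lower()}
    return {w for w in words if len(w) >= 4 and w not in STOPWORDS}


def unaccounted_apps(parsed):
    """Apps granted an inbound exception but matching no installed product name."""
    names = [display.lower() for _, display in parsed["uninstall"]]
    flagged = []
    for rule in parsed["firewall_rules"]:
        if rule["dir"] != "in":
            continue
        tokens = _product_tokens(rule["app"])
        if not any(tok in name for tok in tokens for name in names):
            flagged.append(rule["app"])
    return flagged


if __name__ == "__main__":
    result = parse_otl(OTL_SAMPLE)
    for app in unaccounted_apps(result):
        print("inbound exception with no matching installed product:", app)
```

On the sample, wmenc.exe and veohclient.exe are accounted for by the Windows Media Encoder and VeohTV entries, while wdivi.exe under "zapu accelerator" matches nothing and is returned for a closer look.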

IndiGenus
2010-01-05, 19:55
Again, sorry for the delay. Not sure why I didn't get any email notifications. Will check on that.

I'm thinking we have a pretty nasty rootkit running here. Let's try this next step.

Remove/delete any versions of combofix you had downloaded and download a fresh copy, following the instructions given to rename it first before downloading.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Here (http://www.forospyware.com/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**


If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif


It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts. Close all other windows/browsers first.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not run combofix more than once. If you have problems please post back for further instructions.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.
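IndiGenus suspects a rootkit here, and the ComboFix log clcakes posts further down bears that out: it removes a driver and four DLLs in system32 that all share the prefix H8SRT followed by a random alphabetic tail, plus a service and legacy entry named H8SRTd.sys. That naming scheme, a fixed short prefix with a per-file random tail and a matching service, is the tell for the TDL3-era rootkits and is what a practitioner scans a ComboFix log for. The following is an added example, not code from the thread or from ComboFix, that parses the "Other Deletions" and "Drivers/Services" sections and clusters system32 entries by shared prefix; the sample text is constructed from the log's own entries, and the thresholds (three members, prefix of at least three characters, tail of at least eight letters) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the 'Other Deletions' and 'Drivers/Services' sections in
# the ComboFix format, using the entries from the log posted later in the thread.
COMBOFIX_SAMPLE = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Previous Run -------
.
c:\program files\Cheat Engine\dbk32.sys
c:\program files\MalwareRemovalBot\DataBase.ref
c:\windows\system32\drivers\H8SRTrbhuwrcrha.sys
c:\windows\system32\H8SRTbpfvtxtpqo.dll
c:\windows\system32\H8SRTbusxguykxb.dll
c:\windows\system32\H8SRTipkipxlofj.dll
c:\windows\system32\H8SRTwxryoxvpgp.dat
c:\windows\system32\srcr.dat
D:\Autorun.inf

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
'''


def parse_combofix(text):
    """Return (deleted paths, removed service names) from a ComboFix log."""
    deletions, services = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("(((("):  # section banner
            if "Deletions" in line:
                section = "deletions"
            elif "Drivers/Services" in line:
                section = "services"
            else:
                section = "other"
            continue
        if section == "deletions" and re.match(r"^[A-Za-z]:\\", line):
            deletions.append(line)
        elif section == "services" and line.startswith("-------\\"):
            name = line.split("\\", 1)[1]
            services.append(re.sub(r"^(Service|Legacy)_", "", name))
    return deletions, services


def find_random_clusters(deletions, services, min_members=3, min_prefix=3, min_tail=8):
    """Group system32 files sharing a short prefix followed by a random alphabetic tail."""
    stems = [PureWindowsPath(p).stem for p in deletions if "\\system32\\" in p.lower()]
    candidates = {}
    for stem in stems:
        for n in range(min_prefix, len(stem) - min_tail + 1):
            prefix = stem[:n]
            members = [s for s in stems
                       if s.startswith(prefix) and len(s) - n >= min_tail and s[n:].isalpha()]
            if len(members) >= min_members:
                candidates[prefix] = members
    # Keep only the longest prefix for each distinct set of members.
    longest = {}
    for prefix, members in candidates.items():
        key = frozenset(members)
        if key not in longest or len(prefix) > len(longest[key]):
            longest[key] = prefix
    clusters = []
    for members, prefix in longest.items():
        clusters.append({
            "prefix": prefix,
            "files": sorted(members),
            "services": sorted({s for s in services if s.startswith(prefix)}),
        })
    return sorted(clusters, key=lambda c: c["prefix"])


if __name__ == "__main__":
    deleted, removed_services = parse_combofix(COMBOFIX_SAMPLE)
    for cluster in find_random_clusters(deleted, removed_services):
        print(cluster["prefix"], len(cluster["files"]), "files, services:", cluster["services"])
```

On the sample this yields a single cluster with prefix H8SRT, five files and the H8SRTd.sys service; the legitimately named srcr.dat and the non-system32 entries (the Cheat Engine driver, the MalwareRemovalBot database, the D:\Autorun.inf) fall outside it and have to be judged on their own.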

clcakes
2010-01-06, 00:08
Thanks for getting back to me. :) I appreciate the help!

So, I ran Combo-fix and it seemed to find several things. It said that it fixed them and ran *almost* to the end of the program. BUT when the time came to compile the log the computer rebooted itself.

The good news is when I tried to rerun Combo-Fix, Spybot popped up with a warning window. Spybot hasn't been able to run up until now........

Not sure on what to do next.......

IndiGenus
2010-01-06, 00:10
Is there a log file from combofix? Should be here...

C:\ComboFix.txt

If so can you post that.

clcakes
2010-01-06, 00:12
I can't find one. I *think* the computer rebooted before it could write the file.

clcakes
2010-01-06, 00:20
OH! I can now load and run SpyBot - should I do that?

IndiGenus
2010-01-06, 00:21
No, please hold off on doing anything else for the moment. I'll get right back to you.

IndiGenus
2010-01-06, 00:24
Can you check the following folder for a log file.

C:\Qoobox

clcakes
2010-01-06, 00:27
Can you check the following folder for a log file.

C:\Qoobox

In that folder I am finding one text file (in the quarantine section):

catchme.txt is the name

IndiGenus
2010-01-06, 00:29
Okay can you go ahead and try running combofix again. Disable Spybot for the time being if it gets in the way.

clcakes
2010-01-06, 00:53
I was able to get the log this time BUT I am now unable to pull up a browser (I have tried Firefox and IE) so I am now using my daughter's netbook (LOL forgive the typos - the keypad is TINY!!) :)

ComboFix 10-01-04.01 - Medical Transcriptio 01/05/2010 17:31:27.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.960 [GMT -5:00]
Running from: c:\users\Medical Transcriptio\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Cheat Engine\dbk32.sys
c:\program files\MalwareRemovalBot\DataBase.ref
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\H8SRTrbhuwrcrha.sys
c:\windows\system32\H8SRTbpfvtxtpqo.dll
c:\windows\system32\H8SRTbusxguykxb.dll
c:\windows\system32\H8SRTipkipxlofj.dll
c:\windows\system32\H8SRTwxryoxvpgp.dat
c:\windows\system32\srcr.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Russell\AppData\Local\temp
2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Russ\AppData\Local\temp
2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Cassie\AppData\Local\temp
2010-01-05 18:24 . 2010-01-05 22:37 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\temp
2010-01-03 15:38 . 2010-01-03 15:38 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\Apps
2010-01-03 15:19 . 2010-01-03 15:19 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 01:20 . 2010-01-02 01:20 -------- dc----w- C:\91f3b0ea281e7577d7ff
2009-12-31 16:03 . 2009-12-31 16:03 -------- d-----w- c:\program files\Trend Micro
2009-12-31 14:43 . 2009-12-31 14:43 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41 . 2009-12-31 02:41 -------- dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00 . 2005-12-13 15:38 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00 . 2005-12-11 16:55 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00 . 2005-10-21 20:56 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00 . 2004-10-14 15:29 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00 . 2009-12-31 02:00 -------- d-----w- c:\program files\ANI
2009-12-31 02:00 . 2006-07-21 20:14 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00 . 2006-07-05 21:23 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00 . 2006-04-07 19:40 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00 . 2005-10-27 13:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00 . 2005-10-19 23:19 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00 . 2005-10-19 23:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00 . 2005-10-19 23:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 00:05 . 2009-12-31 00:05 -------- d-----w- c:\program files\Alwil Software
2009-12-30 20:36 . 2009-12-30 20:36 -------- dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 20:30 . 2009-12-30 22:10 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot
2009-12-30 02:28 . 2009-12-30 02:28 -------- dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02 . 2009-12-30 01:02 -------- d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28 . 2009-12-30 00:28 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Uniblue
2009-12-29 22:23 . 2009-12-29 22:23 -------- d-----w- c:\program files\SiteAdvisor
2009-12-29 22:22 . 2009-12-29 22:22 108 ----a-w- c:\users\Medical Transcriptio\AppData\Local\fusioncache.dat
2009-12-29 22:22 . 2009-12-31 01:58 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\ApplicationHistory
2009-12-29 22:19 . 2009-12-31 02:03 -------- d-----w- c:\program files\McAfee
2009-12-29 22:17 . 2009-11-04 21:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11 . 2009-12-31 02:03 -------- d-----w- c:\programdata\McAfee
2009-12-29 21:16 . 2009-12-29 21:16 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\Tific
2009-12-29 21:16 . 2009-12-29 21:16 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Tific
2009-12-29 21:15 . 2009-12-29 21:15 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\AVG8
2009-12-29 20:56 . 2009-12-29 21:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 20:55 . 2009-12-29 21:34 -------- d-----w- c:\programdata\Norton
2009-12-29 20:51 . 2009-12-29 20:57 -------- d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56 . 2009-12-29 18:56 -------- dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56 . 2009-12-29 17:56 -------- dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03 . 2009-12-29 17:03 -------- dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08 . 2009-12-29 16:09 -------- dc----w- C:\c891f66fbd98def760
2009-12-29 15:59 . 2009-12-31 02:42 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59 . 2009-12-29 15:59 -------- dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:36 . 2010-01-03 00:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-29 15:18 . 2009-12-29 15:18 -------- dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15 . 2009-12-29 15:15 -------- dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35 . 2009-12-29 13:35 -------- dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-29 10:04 . 2010-01-02 01:22 871 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-26 22:17 . 2009-12-26 22:17 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Leadertech
2009-12-14 17:23 . 2009-12-14 17:23 -------- d-----w- c:\users\Medical Transcriptio\Library
2009-12-14 17:22 . 2009-12-14 17:22 -------- d-----w- c:\programdata\Titanium
2009-12-14 17:22 . 2009-12-14 17:22 -------- d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22 . 2009-12-14 17:22 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Titanium
2009-12-11 08:01 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 08:01 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 22:04 . 2008-01-20 18:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-05 18:23 . 2009-04-27 13:48 -------- d-----w- c:\program files\Cheat Engine
2010-01-02 23:08 . 2008-02-29 19:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 15:44 . 2008-01-20 18:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 15:42 . 2007-12-29 23:56 -------- d-----w- c:\program files\DivX
2009-12-31 15:42 . 2007-12-29 23:56 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-31 15:00 . 2007-10-30 11:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 01:52 . 2008-12-20 15:25 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\CyberScrub
2009-12-23 09:31 . 2009-06-20 19:43 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-23 09:31 . 2009-11-25 09:29 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-23 09:31 . 2009-06-20 19:43 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-23 09:31 . 2009-06-20 19:43 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-23 09:31 . 2009-06-20 19:42 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-23 09:31 . 2009-06-20 19:43 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-23 09:30 . 2009-06-20 19:42 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-23 09:30 . 2009-06-20 19:42 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-23 09:30 . 2009-06-20 19:42 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-23 09:30 . 2009-06-20 19:42 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-23 09:30 . 2009-06-20 19:42 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-23 09:30 . 2009-06-20 19:42 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-23 09:30 . 2009-06-20 19:42 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-14 17:23 . 2008-05-11 20:52 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Apple Computer
2009-12-10 08:05 . 2007-10-30 11:38 -------- d-----w- c:\programdata\Microsoft Help
2009-11-27 22:42 . 2009-11-27 22:42 -------- d-----w- c:\program files\Linksys
2009-11-26 06:59 . 2007-12-29 22:32 103936 ----a-w- c:\users\Russell\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 09:25 . 2009-11-25 09:25 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-25 08:12 . 2008-03-24 16:06 103936 ----a-w- c:\users\Medical Transcriptio\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 08:04 . 2007-10-30 11:40 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 00:02 . 2009-02-26 23:25 -------- d-----w- c:\program files\Yahoo!
2009-11-12 23:42 . 2009-06-10 13:20 -------- d-----w- c:\program files\Coupons
2009-11-11 13:11 . 2009-11-11 13:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07 . 2009-11-11 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07 . 2009-11-11 13:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02 . 2008-01-16 15:32 -------- d-----w- c:\program files\Zune
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:42 . 2009-10-03 04:43 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 08:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-09 23:16 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 23:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 23:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-13 23:58 . 2009-10-13 23:58 241664 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\template\kboot.exe
2009-10-13 23:58 . 2009-10-13 23:58 241664 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\kboot.exe
2009-10-13 23:58 . 2009-10-13 23:58 610304 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\installer\Installer.exe
2009-10-13 18:07 . 2009-10-13 18:07 5981184 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\WebKit.dll
2009-10-13 17:47 . 2009-10-13 17:47 626688 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\Microsoft.VC80.CRT\msvcr80.dll
2009-10-13 17:47 . 2009-10-13 17:47 626688 ----a-w- c:\programdata\Titanium\modules\win32\php\0.7.0\Microsoft.VC80.CRT\msvcr80.dll
2009-10-13 17:47 . 2009-10-13 17:47 548864 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\Microsoft.VC80.CRT\msvcp80.dll
2009-10-13 17:47 . 2009-10-13 17:47 548864 ----a-w- c:\programdata\Titanium\modules\win32\php\0.7.0\Microsoft.VC80.CRT\msvcp80.dll
2009-10-13 17:47 . 2009-10-13 17:47 479232 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\Microsoft.VC80.CRT\msvcm80.dll
2009-10-13 17:47 . 2009-10-13 17:47 479232 ----a-w- c:\programdata\Titanium\modules\win32\php\0.7.0\Microsoft.VC80.CRT\msvcm80.dll
2009-10-13 17:06 . 2009-10-13 17:06 790016 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\JavaScriptCore.dll
2007-10-30 11:10 . 2007-10-30 11:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-05-02 1773568]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HostManager"="c:\program files\Common Files\AOL\1198686107\ee\AOLSoftware.exe" [2007-05-25 42032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-25 129560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1261568]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-01-07 705832]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-23 788880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/25/2009 4:30 AM 64288]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [10/9/2006 3:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [6/14/2007 6:22 PM 13184]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [4/18/2007 9:32 PM 39080]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [6/13/2007 7:53 PM 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [9/30/2008 3:06 AM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [9/30/2008 3:06 AM 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/9/2007 7:03 PM 221184]
R2 IOPort;IOPort;c:\windows\System32\drivers\IOPORT.SYS [9/20/2004 11:00 AM 6144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/30/2007 6:44 AM 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/30/2007 6:31 AM 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\System32\drivers\ndiszapu.sys [6/20/2009 11:38 PM 26000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\System32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [11/2/2006 5:25 AM 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 14:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\NeroLiveEpgUpdate-Christy-PC_Russell.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{287F291C-9DC6-46E8-97FD-FEF76861EFB0}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{467C3339-6B4F-4E8D-A30F-28B400872803}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{C5E9871D-6D60-4EB1-9DB8-48047F733DAC}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{ED685222-1AC4-4F25-AD9D-144AAE95E65F}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Medical Transcriptio\AppData\Roaming\Mozilla\Firefox\Profiles\javw7hc6.default\
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-MSWUpdate - c:\users\Medical Transcriptio\AppData\Roaming\lsass.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AltoMP3 Gold - c:\program files\AltoMP3 Gold\uninst.exe
AddRemove-Super Collapse! II - g:\docume~1\DOWNLO~1\SUPERC~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 17:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x45453D3D

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(2304)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2010-01-05 17:38:58
ComboFix-quarantined-files.txt 2010-01-05 22:38

Pre-Run: 22,059,548,672 bytes free
Post-Run: 22,032,728,064 bytes free

- - End Of File - - D177A0703B2EFA90CB202676457B60A8

clcakes
2010-01-06, 01:01
When trying to open either browser I get the error message:

Illegal operation attempted on a registry key that has been marked for deletion.

IndiGenus
2010-01-06, 01:03
Have you tried rebooting after running combofix?

Is this a work machine?

clcakes
2010-01-06, 01:06
Rebooting now.....

This is a home machine

IndiGenus
2010-01-06, 01:08
Rebooting now.....
Hopefully that will clear up the error.

This is a home machine
Okay, just unusual to see a Business OS on a home machine. And some of the other software looks like Business also. Just making sure.

clcakes
2010-01-06, 01:11
:) the reboot cleared up the browser loading problem......

Mom works for HP......they had a deal on the computer and MS Office....... LOL but it is a home machine.

IndiGenus
2010-01-06, 01:14
Very good! :bigthumb:

Well it appears combofix took out the nasty rootkit that was blocking tools. But let's go back and try running GMER again to make sure nothing else is lurking. Instructions back at this post (http://forums.spybot.info/showpost.php?p=353636&postcount=2).

IndiGenus
2010-01-06, 01:15
NOTE: It's the second tool in that post. Not DDS.

clcakes
2010-01-06, 03:26
LOL I should have paid closer attention.......I ran DDS pretty quickly but waited to post until the 2nd one finished. It took forever and then hung up at the end....I'm going to rerun the program and then post the results......

I might not be able to post it until the morning -- it is close to bed time. Going back to work after a week off is kicking my butt! LOL

clcakes
2010-01-07, 02:19
well.......I could only run the program in the safe mode -- otherwise it would crash. As a result it didn't scan nearly as many areas. Just the last 4. Here is what was saved:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 19:09:36
Windows 6.0.6001 Service Pack 1
Running: iw8jlrlj.exe; Driver: C:\Users\MEDICA~1\AppData\Local\Temp\kgtdafod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

IndiGenus
2010-01-07, 02:23
Okay I think the rootkit is clear. Not sure what's blocking GMER.

Use ATF Cleaner to remove temp files, cookies, cache, etc.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php)
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply along with a DDS log.


Let me know how it's running too please.

clcakes
2010-01-07, 03:00
Here is the Malwarebytes log and I'll run DDS next......

Malwarebytes' Anti-Malware 1.43
Database version: 3505
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/6/2010 7:59:41 PM
mbam-log-2010-01-06 (19-59-41).txt

Scan type: Quick Scan
Objects scanned: 135840
Time elapsed: 22 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd140a75-b643-4124-97c5-82ba9de5ee99} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\malwareremovalbot\(default) (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\QuarantineW\2009-02-25 23-22-200 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\QuarantineW\2009-02-25 23-22-200 (Rogue.ErrorFix) -> Files: 553 -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Medical Transcriptio\downloads\WinProtectionUpdate_10.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\resultsw.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-25 23-21-010.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-26 12-00-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-26 12-00-001.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-26 23-45-150.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-27 01-04-180.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-27 12-00-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-27 12-00-001.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-28 08-36-390.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-28 12-00-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-28 12-00-001.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 03_30_48 PM_711.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 05_04_18 PM_892.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 05_04_27 PM_379.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 05_06_24 PM_146.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

clcakes
2010-01-07, 03:08
Here is the DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 20:03:42.01 on Wed 01/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.770 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Medical Transcriptio\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = SbHpNp scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2010-01-07 00:33:59 0 d-----w- c:\users\medica~1\appdata\roaming\Malwarebytes
2010-01-07 00:33:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:33:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:33:52 0 d-----w- c:\programdata\Malwarebytes
2010-01-07 00:33:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 21:56:29 293376 ----a-w- C:\iw8jlrlj.exe
2010-01-06 11:37:25 225614 ----a-w- c:\users\medical transcriptio\orderform.pdf
2010-01-06 01:28:31 93056 -c--a-w- C:\kgtdafod.sys
2010-01-05 22:38:31 0 dcsh--w- C:\$RECYCLE.BIN
2010-01-05 22:30:28 0 dc----w- C:\Combo-Fix
2010-01-05 18:09:27 98816 ----a-w- c:\windows\sed.exe
2010-01-05 18:09:27 77312 ----a-w- c:\windows\MBR.exe
2010-01-05 18:09:27 261632 ----a-w- c:\windows\PEV.exe
2010-01-05 18:09:27 161792 ----a-w- c:\windows\SWREG.exe
2010-01-03 15:19:43 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 01:20:34 0 dc----w- C:\91f3b0ea281e7577d7ff
2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:06:05.37 ===============

IndiGenus
2010-01-07, 03:09
HOW is it running?

clcakes
2010-01-07, 03:45
:) So much better!! The pop ups have stopped completely -- woohoo!!!

Thank you for all of your help!! :D:D:D

IndiGenus
2010-01-07, 03:47
I think one more scan is in order.

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans, so that there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) or from here
http://www.kaspersky.com/virusscanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
* Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
* Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
* Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan or something similar. In Save as type, click the drop arrow and select:
Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Animated tutorial: http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with the IE-Tab plugin:
https://addons.mozilla.org/en-US/firefox/addon/1419

In your next reply post:
Kaspersky log
New DDS log taken after the above scan has run

clcakes
2010-01-07, 12:17
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, January 7, 2010
Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 07, 2010 01:51:48
Records in database: 3331725
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 163081
Threats found: 5
Infected objects found: 6
Suspicious objects found: 1
Scan duration: 02:11:58


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\windows\System32\H8SRTbusxguykxb.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\windows\System32\H8SRTipkipxlofj.dll.vir Infected: Trojan.Win32.FraudPack.ajss 1
C:\Users\Christy\AppData\Local\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\650996da-5d146537 Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-76c33ae4 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\38c12a4-27ce0356 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\38c12a4-3ed689a2 Infected: Trojan-Downloader.Java.OpenStream.ad 1

Selected area has been scanned.

clcakes
2010-01-07, 12:18
And here is the DDS. :) Thank you so much for your help!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 5:12:48.20 on Thu 01/07/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.838 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Medical Transcriptio\AppData\Local\temp\jkos-Medical Transcriptio\binaries\ScanningProcess.exe
C:\Users\Medical Transcriptio\AppData\Local\temp\jkos-Medical Transcriptio\binaries\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\aol\1198686107\ee\anotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Medical Transcriptio\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = SbHpNp scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2010-01-07 00:33:59 0 d-----w- c:\users\medica~1\appdata\roaming\Malwarebytes
2010-01-07 00:33:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:33:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:33:52 0 d-----w- c:\programdata\Malwarebytes
2010-01-07 00:33:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 21:56:29 293376 ----a-w- C:\iw8jlrlj.exe
2010-01-06 11:37:25 225614 ----a-w- c:\users\medical transcriptio\orderform.pdf
2010-01-06 01:28:31 93056 -c--a-w- C:\kgtdafod.sys
2010-01-05 22:38:31 0 dcsh--w- C:\$RECYCLE.BIN
2010-01-05 22:30:28 0 dc----w- C:\Combo-Fix
2010-01-05 18:09:27 98816 ----a-w- c:\windows\sed.exe
2010-01-05 18:09:27 77312 ----a-w- c:\windows\MBR.exe
2010-01-05 18:09:27 261632 ----a-w- c:\windows\PEV.exe
2010-01-05 18:09:27 161792 ----a-w- c:\windows\SWREG.exe
2010-01-03 15:19:43 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 01:20:34 0 dc----w- C:\91f3b0ea281e7577d7ff
2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 5:14:04.23 ===============

IndiGenus
2010-01-07, 16:12
Need to clear out the Java cache.

To clear the Java Runtime Environment (JRE) cache, do this:
Click Start Orb > Control Panel.
Click on Programs
Double-click the Java icon.
- The Java Control Panel appears.
Click "Settings" under Temporary Internet Files.
- The Temporary Files Settings dialog box appears.
Click "Delete Files" at the bottom.
- The Delete Temporary Files dialog box appears with options to delete:
Applications and Applets
Trace and Log Files

Click "OK".
Click "OK" on the Temporary Files Settings window.
Close the Java Control Panel.


It appears you may have some infected emails in your Outlook folders. There is no easy way to clear these out with Kaspersky. You can try scanning with your Antivirus, and see if that will clear them out. Or go in and manually delete any suspicious emails/attachments. Do not open them.

We can also clean up any of the tools that were used.

Uninstall Combofix

Click START then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

The above procedure will:

Delete the following: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Run OTL and click on the CleanUp button. Reboot if asked.


Let's also check for any security updates that may be needed.

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

clcakes
2010-01-07, 17:22
Need to clear out the Java cache.

To clear the Java Runtime Environment (JRE) cache, do this:
Click Start Orb > Control Panel.
Click on Programs
Double-click the Java icon.
- The Java Control Panel appears.
Click "Settings" under Temporary Internet Files.
- The Temporary Files Settings dialog box appears.
Click "Delete Files" at the bottom.
- The Delete Temporary Files dialog box appears with options to delete:
Applications and Applets
Trace and Log Files

Click "OK".
Click "OK" on the Temporary Files Settings window.
Close the Java Control Panel.

After going to the Control Panel and clicking Programs, Java is not a choice... any other way there?

IndiGenus
2010-01-07, 17:29
Take a look at the following link and see if that helps.

http://www.bu.edu/webcentral/learning/vista/howto/clearjava/pc-cacheissues.html

clcakes
2010-01-07, 17:41
I figured out Java - it's done.
combo-fix is deleted
OTL is done
here is the log:

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spybot - Search & Destroy
HijackThis 2.0.2
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

IndiGenus
2010-01-07, 17:49
What are you running for an Antivirus program? If any?

Even though the security check doesn't state so, Java is out of date.

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Also, you should update to SP2 for Vista. This can be done by running Windows Update, or going to the MS site. Or through IE (Tools, Windows Update).

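The checkup.txt posted above is short enough to read by eye, but the same findings (out-of-date service pack, no antivirus registered, disabled Ad-Aware processes, old Java) can be pulled out mechanically. The script below is an added example written for this thread; it is not part of screen317's Security Check and not code from anyone in the thread. The sample log is constructed in the same layout as the one posted, and the Java baseline (6 Update 17, current in late 2009) is an assumption to adjust to your own patch policy.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed baseline for this example: Java 6 Update 17 was current in late 2009.
# Adjust to your own patch policy.
MIN_JAVA: Tuple[int, int] = (6, 17)

JAVA_RE = re.compile(r"Java\(TM\) SE Runtime Environment (\d+) Update (\d+)")

# Constructed sample in the checkup.txt layout (not a real capture). The real
# log separates sections with runs of backticks; SEP builds those lines.
SEP = "`" * 30
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.1",
    "Windows Vista Service Pack 1 (UAC is enabled)",
    "Out of date service pack!!",
    SEP,
    "Antivirus/Firewall Check:",
    "Windows Firewall Enabled!",
    "WMIC entry does not exist for antivirus; attempting automatic update.",
    SEP,
    "Anti-malware/Other Utilities Check:",
    "Ad-Aware",
    "Spybot - Search & Destroy",
    "HijackThis 2.0.2",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Adobe Flash Player 10",
    SEP,
    "Process Check:",
    "objlist.exe by Laurent",
    "Windows Defender MSASCui.exe",
    "Ad-Aware AAWService.exe is disabled!",
    "Ad-Aware AAWTray.exe is disabled!",
    SEP,
    "DNS Vulnerability Check:",
    "Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)",
    "",
    "`" * 9 + "End of Log" + "`" * 11,
])


def parse_java_version(line: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) from a Security Check Java line, else None."""
    m = JAVA_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit_checkup(text: str, min_java: Tuple[int, int] = MIN_JAVA) -> Dict[str, List[str]]:
    """Sort checkup.txt lines into critical / warning / info findings."""
    findings: Dict[str, List[str]] = {"critical": [], "warning": [], "info": []}
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"`"}:  # blank line or backtick separator
            continue
        if line.endswith(":"):  # section heading such as "Process Check:"
            section = line[:-1]
            continue
        low = line.lower()
        java = parse_java_version(line)
        if "out of date service pack" in low:
            findings["critical"].append("Windows service pack is out of date")
        elif "wmic entry does not exist for antivirus" in low:
            # Security Center knows of no antivirus product at all.
            findings["critical"].append("no antivirus registered with Security Center")
        elif low.endswith("is disabled!"):
            findings["warning"].append(f"{section}: {line[:-len(' is disabled!')]}")
        elif java is not None:
            if java < min_java:  # tuple comparison: (6, 1) < (6, 17)
                findings["critical"].append(
                    f"Java {java[0]}u{java[1]} older than {min_java[0]}u{min_java[1]}")
        elif "request timed out" in low:
            findings["info"].append(f"{section} inconclusive: {line}")
    return findings


if __name__ == "__main__":
    for level, items in audit_checkup(SAMPLE_CHECKUP).items():
        for item in items:
            print(f"[{level}] {item}")
```

Run it against a saved checkup.txt by reading the file into `audit_checkup`; the Java check is the one the tool itself did not flag in the thread, which is why the version is compared to an explicit baseline rather than trusting the tool's own verdict.
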
clcakes
2010-01-07, 18:09
JAVA is completed......
I did the windows update and before I knew it -- it was updating for SP3. Is that OK?
I was using AVG but sometime during this mess I was prompted to uninstall it....

IndiGenus
2010-01-07, 18:26
I did the windows update and before I knew it -- it was updating for SP3. Is that OK?
yes, that's fine

I was using AVG but sometime during this mess I was prompted to uninstall it....
Okay, I'll give you my whole wrap up which will give you a couple other free options if you'd like to try one.

In addition to updating and using what you currently have you may want to consider the following:

Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here is a list of some free and evaluation versions to try:
AVG AntiVirus (http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free)
Avast Antivirus Home Version--Free (http://www.avast.com/eng/avast_4_home.html)
Antivir Personal - Free (http://www.free-av.com/)


Install SpywareBlaster - SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/index.php?showtutorial=49)

Install Winpatrol -
Use Winpatrol (http://www.winpatrol.com/) to take control of your PC and provide another layer of security.
Help file and tutorial can be found Here (http://www.winpatrol.com/features.html)

Block unwanted parasites with a custom hosts file -
http://www.mvps.org/winhelp2002/hosts.htm

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Keep your applications up to date -
Use Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) to help stay on top of application updates that could leave your PC vulnerable to attack.

I'll leave the thread open a few days in case you have questions or issues.

Regards,
Dave

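A custom hosts file like the MVPS one works by pointing known ad and malware hostnames at loopback or 0.0.0.0 so they never resolve; the same file is also a place malware likes to edit, pointing update and vendor sites somewhere else. The script below is an added example for this thread, not code from mvps.org or from anyone posting here: it parses hosts-file syntax, separates the harmless blocking entries from redirects, and flags any redirect of the update or antivirus domains linked in this thread. The sample hosts file and the list of protected domains are constructed for the example.

```python
import ipaddress
import sys
from typing import List, Tuple

# Domains from the links in this thread (assumed list for the example). A hosts
# entry sending any of them anywhere but loopback is a classic tampering sign.
PROTECTED_SUFFIXES = ("windowsupdate.com", "grisoft.com", "avast.com",
                      "free-av.com", "secunia.com")

# Constructed sample (not a real capture): lines 2-5 look like a blocking list
# such as the MVPS hosts file, lines 6-7 are the kind of redirect to flag,
# line 8 is malformed. Hostnames under .test are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example-tracker.test      # null-routed by the custom list
127.0.0.1 malware-download.example.test
198.51.100.7 windowsupdate.com www.windowsupdate.com   # redirect to a foreign host
198.51.100.7 free.grisoft.com
not-an-ip somehost.test               # Windows ignores this line too
"""

Entry = Tuple[int, str, str]  # (line number, address, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Parse hosts-file syntax: '<address> <host> [<host> ...]', '#' comments."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skipped, as the resolver does
        for host in fields[1:]:
            entries.append((lineno, str(addr), host.lower()))
    return entries


def audit_hosts(text: str, protected=PROTECTED_SUFFIXES) -> dict:
    """Split entries into blocks and redirects; flag redirects of protected domains."""
    report = {"localhost_ok": False, "blocked": [], "redirected": [], "hijacked": []}
    for lineno, addr, host in parse_hosts(text):
        ip = ipaddress.ip_address(addr)
        local = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        if host == "localhost":
            # A blocking list must keep localhost resolving to loopback.
            report["localhost_ok"] = report["localhost_ok"] or local
        elif local:
            report["blocked"].append(host)  # the intended use: name resolves nowhere
        else:
            report["redirected"].append((lineno, host, addr))
            if any(host == s or host.endswith("." + s) for s in protected):
                report["hijacked"].append((lineno, host, addr))
    return report


def hosts_is_clean(report: dict) -> bool:
    """True when localhost is intact and no protected domain is redirected."""
    return bool(report["localhost_ok"]) and not report["hijacked"]


if __name__ == "__main__":
    # On Windows the live file is C:\Windows\System32\drivers\etc\hosts.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    rep = audit_hosts(text)
    print("clean" if hosts_is_clean(rep) else "needs attention")
    for lineno, host, addr in rep["hijacked"]:
        print(f"  line {lineno}: {host} -> {addr}")
```

Redirects that are not in the protected list are still reported under `redirected`, because a legitimate custom hosts file only ever needs loopback or 0.0.0.0 on the left-hand side; anything else deserves a look.

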
clcakes
2010-01-09, 16:41
:) thank you SO much for all of your help! I have finished as you have recommended and everything seems to be running GREAT! I truly appreciate the time you have taken and all of the help you have offered. I was at my wits end and I really didn't know what to do next........

Thanks again!
Christy