Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:53 PM, on 2/24/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Webroot\Security\current\plugins\sync\WRSyncManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\test\Desktop\HijackThis.exe
C:\Windows\system32\RunDll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\Program Files\Webroot\Security\current\products\WISC\LPBar.dll
O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Program Files\Webroot\Security\current\products\WISC\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [snp2uvc] "C:\Windows\vsnp2uvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [PLFSetL] "C:\Windows\PLFSetL.exe"
O4 - HKLM\..\Run: [SNUVCDSM] "C:\Windows\snuvcdsm.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photogize.com/bponet/ImageUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB770838-CCE1-4690-B7C7-6B3D3E025775}: NameServer = 207.70.1.8,198.60.204.8
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14001 bytes

Thanks very much for your help
Jim

Hi Jim,

What are the issues you're having with the system?

Hi- I am getting a whole lot of redirects. Most are to google.com. I am encountering many times when IE8 will stop working and close down my tabs. I have three files/sites that I think have gotten inside my firewall.
1. I.NUSEEK.COM
2. JS.USERS.51.LA
3. AD.OUTERINFOADS.COM

I can't seem to cleanse any of them.
Thanks
Jim

Hi,

Thank you for the description.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Hi, copied the DDS files below. I downloaded the GMER file and scanned. The three times I ran GMER my computer I got the dreaded blue screen and it rebooted. I don't have a file from it.

Jim




DDS (Ver_09-12-01.01) - NTFSx86
Run by test at 7:48:41.59 on Sat 03/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.611 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Webroot\Security\current\plugins\sync\WRSyncManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMW7OI6B\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\program files\webroot\security\current\products\wisc\LPBar.dll
BHO: WebrootBHO Class: {d93ec24d-8741-4d41-b83d-a5793b998416} - c:\program files\webroot\security\current\plugins\browserextension\WebrootBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\program files\webroot\security\current\products\wisc\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spark] "c:\program files\spark\Spark.exe"
mRun: [snp2uvc] "c:\windows\vsnp2uvc.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [hpWirelessAssistant] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [WAWifiMessage] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
mRun: [PLFSetL] "c:\windows\PLFSetL.exe"
mRun: [SNUVCDSM] "c:\windows\snuvcdsm.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.photogize.com/bponet/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {CB770838-CCE1-4690-B7C7-6B3D3E025775} = 207.70.1.8,198.60.204.8
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-7 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-12-18 102224]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-22 1153368]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2009-12-18 39400]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2009-12-18 3769736]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2009-12-10 2397536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-29 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-29 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-29 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-29 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-29 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2010-03-06 12:33:08 0 d-----w- c:\programdata\WinZip
2010-03-05 04:10:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-01 01:28:38 0 d-----w- c:\users\test\.jmf
2010-03-01 01:28:37 89 ----a-w- c:\users\test\userdic.tlx
2010-03-01 01:27:42 0 d-----w- c:\users\test\Spark
2010-03-01 01:27:14 0 d-----w- c:\program files\Spark
2010-02-24 19:05:52 1223 ----a-w- C:\content.xml
2010-02-24 14:29:47 0 d-----w- c:\users\test\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49:12 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-24 06:49:08 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49:06 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:51:03 0 d-----w- c:\programdata\NOS
2010-02-20 15:59:40 0 d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29:53 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23:22 0 d-----w- c:\users\test\appdata\roaming\GetRightToGo
2010-02-11 15:04:16 0 d-----w- c:\programdata\McAfee

==================== Find3M ====================

2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 17:40:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10:41 4991352 ----a-w- c:\program files\common files\wruninstall.exe
2009-12-18 20:10:39 712072 ----a-w- c:\program files\common files\GenericSB.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 7:49:24.74 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2009 2:32:09 PM
System Uptime: 3/6/2010 3:02:50 AM (4 hours ago)

Motherboard: Quanta | | 30BB
Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 88.174 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.67 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID:
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
AutoUpdate
Bonjour
BufferChm
C4500
CamQuest6 Cam Selection.0408
Conexant HD Audio
Copy
Destinations
DeviceDiscovery
DivX
ERUNT 1.1j
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Connections (remove only)
HP Customer Participation Program 13.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 13.0
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
HP Product Detection
HP QuickPlay 3.0
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6
Junk Mail filter update
LightScribe 1.4.124.1
MarketResearch
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
Network
OGA Notifier 2.0.0048.0
PANTECH PC USB Modem Software
PhotoshopdotcomInspirationBrowser
PS_AIO_04_C4500_Software_Min
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shop for HP Supplies
Skype™ 4.1
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Spark 2.5.8
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
System Requirements Lab
Toolbox
TrayApp
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 whiiper
TurboTax 2009 widiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
UM150 Firmware Updates
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio Tools for the Office system 3.0 Runtime
VZAccess Manager
WebReg
Webroot Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
WinZip 14.0

==== Event Viewer Messages From Past Week ========

3/5/2010 6:10:45 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/5/2010 6:07:59 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/5/2010 3:12:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
3/5/2010 3:12:03 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:09:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
3/5/2010 3:09:07 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:08:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
3/5/2010 3:08:12 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:07:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000009, 0xc0000001, 0x00000001, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030510-28891-01.
3/4/2010 9:21:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/2/2010 8:21:57 PM, Error: RasMan [20276] - CoId={AB6A42C9-F7EF-4872-992A-FC4360AC0C15}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM5 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
3/2/2010 7:03:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/2/2010 7:03:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
3/1/2010 6:42:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.143.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072f76 Error description: The requested header was not found
3/1/2010 5:59:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.
2/28/2010 6:24:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/27/2010 6:05:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000009, 0xc0000001, 0x00000001, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022710-23431-01.

==== End Of File ===========================

Hello again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Hi- I downloaded and ran combo-fix. The 50 steps ran fine. The screen indicated that the log report was being generated. The next line said not to run any other programs while it was running. It has stayed that way for over 13 hours now. Is it still working correctly? I am posting this from another computer.
Thanks
Jim

Hi,

Please open task manager and see if there's PEV process running. If it's running, end the process to see if ComboFix finishes its run. Reboot system if run doesn't get finished.

Whew!! Finally able to get this run. Thanks for all your help.

Here are the files.

ComboFix 10-03-08.01 - test 03/08/2010 20:55:53.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.961 [GMT -5:00]
Running from: c:\users\test\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-750201605-1351213844-562018856-500
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 02:14 . 2010-03-09 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 14:02 . 2010-03-07 14:02 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41 . 2010-03-06 22:41 -------- d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33 . 2010-03-06 12:33 -------- d-----w- c:\programdata\WinZip
2010-03-05 04:10 . 2010-03-07 14:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- c:\windows\Sun
2010-03-01 01:28 . 2010-03-01 01:28 -------- d-----w- c:\users\test\.jmf
2010-03-01 01:27 . 2010-03-01 01:30 -------- d-----w- c:\users\test\Spark
2010-03-01 01:27 . 2010-03-01 01:27 -------- d-----w- c:\program files\Spark
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\ERUNT
2010-02-24 14:29 . 2010-02-24 14:29 -------- d-----w- c:\users\test\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:52 . 2010-02-24 00:52 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 00:51 . 2010-02-24 00:51 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-24 00:51 . 2010-02-24 13:19 -------- d-----w- c:\programdata\NOS
2010-02-20 17:48 . 2010-02-23 04:36 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-20 15:59 . 2010-02-20 15:59 3262 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{AACD915A-A897-43FA-BC5B-00D06DFDCD2F}\_13B08E6A0151F39DE3437C.exe
2010-02-20 15:59 . 2010-02-20 15:59 2238 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{AACD915A-A897-43FA-BC5B-00D06DFDCD2F}\_6FEFF9B68218417F98F549.exe
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29 . 2010-02-20 14:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23 . 2010-02-19 04:34 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo
2010-02-11 15:04 . 2010-02-11 15:04 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 23:30 . 2009-12-18 20:07 -------- d-----w- c:\programdata\Webroot
2010-03-07 21:41 . 2009-03-18 06:30 -------- d-----w- c:\users\test\AppData\Roaming\Skype
2010-03-01 10:32 . 2009-09-21 13:03 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-24 14:16 . 2009-10-03 13:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 00:55 . 2006-12-18 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 00:52 . 2009-06-02 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-24 00:52 . 2009-06-02 14:50 38784 ----a-w- c:\users\test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-21 12:54 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-02-11 14:42 . 2009-02-15 05:31 -------- d-----w- c:\program files\Google
2010-02-05 18:17 . 2009-10-28 18:34 106648 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 17:38 . 2009-06-19 04:24 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 17:38 . 2009-06-19 04:23 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 17:38 . 2009-06-19 04:23 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 02:26 . 2010-02-02 02:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb64AB.tmp.exe
2010-01-30 22:43 . 2010-01-30 22:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5E1D.tmp.exe
2010-01-27 17:40 . 2009-06-19 04:24 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 17:40 . 2009-06-01 13:40 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 17:40 . 2009-04-13 14:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 17:40 . 2009-06-19 04:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 17:40 . 2009-06-19 04:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 17:40 . 2009-11-07 23:38 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 17:40 . 2009-06-01 13:38 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 17:40 . 2009-06-19 04:24 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 17:40 . 2009-06-19 04:24 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 17:39 . 2009-06-01 13:28 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 17:39 . 2009-06-01 13:28 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 17:39 . 2009-06-19 04:24 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 17:39 . 2009-06-19 04:23 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 17:39 . 2009-06-19 04:23 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 17:39 . 2009-06-19 04:23 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-23 00:14 . 2009-06-23 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 00:03 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 00:03 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 00:03 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 00:03 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-13 20:00 . 2009-02-23 03:59 -------- d-----w- c:\program files\TurboTax
2010-01-08 03:18 . 2010-02-10 00:03 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 00:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-29 17:17 . 2009-12-29 17:17 25214 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{E296E0ED-038F-4A5A-9513-642F2FA17A59}\ARPPRODUCTICON.exe
2009-12-29 17:14 . 2009-12-29 17:10 32262536 ----a-w- c:\users\test\AppData\Roaming\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_UM150.exe
2009-12-19 09:02 . 2010-01-22 00:19 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 00:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 00:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 00:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 00:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 00:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 00:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10 . 2009-12-18 20:10 4991352 ----a-w- c:\program files\Common Files\wruninstall.exe
2009-12-18 20:10 . 2009-12-18 20:10 712072 ----a-w- c:\program files\Common Files\GenericSB.dll
2009-12-10 21:14 . 2009-12-18 20:11 102224 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2009-12-10 21:14 . 2009-12-18 20:07 3075800 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\WRInstall.exe
2009-12-10 21:12 . 2009-12-18 20:05 261512 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\54E229FA\DE0A17F3\WRInstallProgressHelper.dll
2009-12-10 21:12 . 2009-12-18 20:05 190528 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\FA6F4296\DE0A17F3\WRSvcAssist.exe
2009-12-10 21:12 . 2009-12-18 20:05 407888 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\6952AC12\49E79619\WRCtxMenu.dll
2009-12-10 21:12 . 2009-12-18 20:05 328072 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\FB578C53\DE0A17F3\WRCtxMenu.dll
2009-12-10 21:12 . 2009-12-18 20:05 1034616 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\B2785152\DE0A17F3\WRTray.exe
2009-12-10 21:10 . 2009-12-18 20:05 50984 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\C3BEFA\DE0A17F3\WRConsumerServicePS.dll
2009-12-10 21:08 . 2009-12-18 20:05 2397536 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\E3131F5C\DE0A17F3\WRConsumerService.exe
2009-12-10 21:05 . 2009-12-18 20:05 121856 -c--a-w- c:\programdata\{66408EAA-F401-427A-BE50-FF5A650CBF07}\OFFLINE\EA369C90\DE0A17F3\xmllite.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Spark"="c:\program files\Spark\Spark.exe" [2007-11-14 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2009-12-10 1034616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [2009-12-10 102224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2009-12-03 39400]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2009-12-10 2397536]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-19 42480]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
.
------- Supplementary Scan -------
.
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: {CB770838-CCE1-4690-B7C7-6B3D3E025775} = 207.70.1.8,198.60.204.8
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
AddRemove-HijackThis - c:\users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22Z4T89B\HijackThis.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-08 21:20:56
ComboFix-quarantined-files.txt 2010-03-09 02:20

Pre-Run: 94,208,327,680 bytes free
Post-Run: 94,118,948,864 bytes free

- - End Of File - - 5E5B0160694DC91548B8046F6E363910



DDS (Ver_09-12-01.01) - NTFSx86
Run by test at 21:34:48.73 on Mon 03/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1008 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Users\test\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\program files\webroot\security\current\products\wisc\LPBar.dll
BHO: WebrootBHO Class: {d93ec24d-8741-4d41-b83d-a5793b998416} - c:\program files\webroot\security\current\plugins\browserextension\WebrootBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\program files\webroot\security\current\products\wisc\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spark] "c:\program files\spark\Spark.exe"
mRun: [snp2uvc] "c:\windows\vsnp2uvc.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [hpWirelessAssistant] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [WAWifiMessage] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
mRun: [PLFSetL] "c:\windows\PLFSetL.exe"
mRun: [SNUVCDSM] "c:\windows\snuvcdsm.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.photogize.com/bponet/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {CB770838-CCE1-4690-B7C7-6B3D3E025775} = 207.70.1.8,198.60.204.8
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-7 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-12-18 102224]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-22 1153368]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2009-12-18 39400]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2009-12-18 3769736]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2009-12-10 2397536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-29 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-29 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-29 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-29 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-29 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2010-03-09 02:21:12 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-07 21:42:12 77312 ----a-w- c:\windows\MBR.exe
2010-03-07 21:42:11 98816 ----a-w- c:\windows\sed.exe
2010-03-07 21:42:11 261632 ----a-w- c:\windows\PEV.exe
2010-03-07 21:42:11 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 14:02:13 0 d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41:42 0 d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33:08 0 d-----w- c:\programdata\WinZip
2010-03-05 04:10:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-01 01:28:38 0 d-----w- c:\users\test\.jmf
2010-03-01 01:28:37 89 ----a-w- c:\users\test\userdic.tlx
2010-03-01 01:27:42 0 d-----w- c:\users\test\Spark
2010-03-01 01:27:14 0 d-----w- c:\program files\Spark
2010-02-24 19:05:52 1237 ----a-w- C:\content.xml
2010-02-24 14:29:47 0 d-----w- c:\users\test\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49:12 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-24 06:49:08 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49:06 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:51:03 0 d-----w- c:\programdata\NOS
2010-02-20 15:59:40 0 d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29:53 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23:22 0 d-----w- c:\users\test\appdata\roaming\GetRightToGo
2010-02-11 15:04:16 0 d-----w- c:\programdata\McAfee

==================== Find3M ====================

2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 17:40:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10:41 4991352 ----a-w- c:\program files\common files\wruninstall.exe
2009-12-18 20:10:39 712072 ----a-w- c:\program files\common files\GenericSB.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:42:26.24 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2009 2:32:09 PM
System Uptime: 3/8/2010 9:31:20 PM (0 hours ago)

Motherboard: Quanta | | 30BB
Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 87.808 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.67 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is FIXED (NTFS) - 932 GiB total, 718.012 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID:
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
AutoUpdate
Bonjour
BufferChm
C4500
CamQuest6 Cam Selection.0408
Conexant HD Audio
Copy
Destinations
DeviceDiscovery
DivX
ERUNT 1.1j
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HP Active Support Library
HP Connections (remove only)
HP Customer Participation Program 13.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 13.0
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
HP Product Detection
HP QuickPlay 3.0
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
HPPhotoGadget
HPProductAssistant
HPSSupply
IKEA Home Planner
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6
Junk Mail filter update
LightScribe 1.4.124.1
MarketResearch
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
Network
OGA Notifier 2.0.0048.0
PANTECH PC USB Modem Software
PhotoshopdotcomInspirationBrowser
PS_AIO_04_C4500_Software_Min
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shop for HP Supplies
Skype™ 4.1
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Spark 2.5.8
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
System Requirements Lab
Toolbox
TrayApp
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 whiiper
TurboTax 2009 widiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
UM150 Firmware Updates
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio Tools for the Office system 3.0 Runtime
VZAccess Manager
WebReg
Webroot Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
WinZip 14.0

==== Event Viewer Messages From Past Week ========

3/8/2010 9:37:38 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/8/2010 9:35:38 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/8/2010 9:30:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.
3/8/2010 9:15:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/8/2010 8:54:29 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 7:50:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/7/2010 6:15:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
3/7/2010 4:40:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR1.
3/7/2010 3:51:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/6/2010 8:18:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xd226800b, 0x00000000, 0x856b3f60, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030610-23680-01.
3/6/2010 5:43:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xc1b7f000, 0x00000000, 0xae49afec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030610-26005-01.
3/6/2010 5:28:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xc7f1d000, 0x00000000, 0x983dafec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030610-33555-01.
3/5/2010 3:12:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
3/5/2010 3:12:03 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:09:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
3/5/2010 3:09:07 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:08:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
3/5/2010 3:08:12 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:07:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000009, 0xc0000001, 0x00000001, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030510-28891-01.
3/2/2010 8:21:57 PM, Error: RasMan [20276] - CoId={AB6A42C9-F7EF-4872-992A-FC4360AC0C15}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM5 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
3/2/2010 7:03:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/1/2010 6:42:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.143.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072f76 Error description: The requested header was not found

==== End Of File ===========================

Hi,

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file in your next reply.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/9/2010 8:13:51 PM
mbam-log-2010-03-09 (20-13-51).txt

Scan type: Quick Scan
Objects scanned: 106074
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi again,


Get update 9.3.1 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Uninstall this vulnerable Java:
Java(TM) SE Runtime Environment 6



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report & a fresh dds.txt log. Is the redirecting still occuring?

Hi- The redirects seem to have slowed down considerably.

Here are the KAS, DDS & Attach files

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, March 11, 2010
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, March 11, 2010 15:12:56
Records in database: 3768631
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 349987
Threats found: 5
Infected objects found: 12
Suspicious objects found: 2
Scan duration: 09:25:02


File name / Threat / Threats count
C:\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\4BAD261C-00000A4D.eml Infected: Trojan.Win32.Agent2.cpgi 1
C:\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\57772B56-00000AAC.eml Infected: Trojan.Win32.Agent.dmyq 1
C:\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\7BA1006C-00000A87.eml Infected: Trojan.Win32.Agent.dmyq 1
C:\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\7F983557-00000AC7.eml Infected: Backdoor.Win32.Bredolab.czy 1
C:\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro.net\Deleted Items\021F0113-00000891.eml Infected: Trojan.Win32.FraudPack.aoda 1
C:\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro.net\Deleted Items\5C11230A-00000869.eml Infected: Trojan.Win32.Agent.dmyq 1
G:\JIMSLAPTOP\Backup Set 2009-01-22 102547\Backup Files 2009-01-22 102547\Backup files 23.zip Suspicious: Trojan-Spy.HTML.Fraud.gen 1
G:\Seagate Backup\JIMSLAPTOP\C\Users\Jim\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\1B994F1C-00000724.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
G:\Seagate Backup\TEST-PC\C\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\4BAD261C-00000A4D.eml Infected: Trojan.Win32.Agent2.cpgi 1
G:\Seagate Backup\TEST-PC\C\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\57772B56-00000AAC.eml Infected: Trojan.Win32.Agent.dmyq 1
G:\Seagate Backup\TEST-PC\C\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\7BA1006C-00000A87.eml Infected: Trojan.Win32.Agent.dmyq 1
G:\Seagate Backup\TEST-PC\C\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro. 2c8\Deleted Items\7F983557-00000AC7.eml Infected: Backdoor.Win32.Bredolab.czy 1
G:\Seagate Backup\TEST-PC\C\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro.net\Deleted Items\021F0113-00000891.eml Infected: Trojan.Win32.FraudPack.aoda 1
G:\Seagate Backup\TEST-PC\C\Users\test\AppData\Local\Microsoft\Windows Live Mail\email.spro.net\Deleted Items\5C11230A-00000869.eml Infected: Trojan.Win32.Agent.dmyq 1

Selected area has been scanned.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2009 2:32:09 PM
System Uptime: 3/11/2010 12:32:26 PM (12 hours ago)

Motherboard: Quanta | | 30BB
Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz | U2E1 | 797/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 87.355 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.67 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is FIXED (NTFS) - 932 GiB total, 717.739 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID:
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
AutoUpdate
Bonjour
BufferChm
C4500
CamQuest6 Cam Selection.0408
Conexant HD Audio
Copy
Destinations
DeviceDiscovery
DivX
ERUNT 1.1j
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HP Active Support Library
HP Connections (remove only)
HP Customer Participation Program 13.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 13.0
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
HP Product Detection
HP QuickPlay 3.0
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
HPPhotoGadget
HPProductAssistant
HPSSupply
IKEA Home Planner
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
Network
OGA Notifier 2.0.0048.0
PANTECH PC USB Modem Software
PhotoshopdotcomInspirationBrowser
PS_AIO_04_C4500_Software_Min
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shop for HP Supplies
Skype™ 4.1
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Spark 2.5.8
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
System Requirements Lab
Toolbox
TrayApp
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 whiiper
TurboTax 2009 widiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
UM150 Firmware Updates
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio Tools for the Office system 3.0 Runtime
VZAccess Manager
WebReg
Webroot Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
WinZip 14.0

==== Event Viewer Messages From Past Week ========

3/8/2010 9:15:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/8/2010 8:54:29 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 10:55:19 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/7/2010 4:40:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR1.
3/7/2010 3:51:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/6/2010 8:18:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xd226800b, 0x00000000, 0x856b3f60, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030610-23680-01.
3/6/2010 5:43:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xc1b7f000, 0x00000000, 0xae49afec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030610-26005-01.
3/6/2010 5:28:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xc7f1d000, 0x00000000, 0x983dafec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030610-33555-01.
3/5/2010 3:12:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
3/5/2010 3:12:03 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:09:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
3/5/2010 3:09:07 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:08:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
3/5/2010 3:08:12 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2010 3:07:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000009, 0xc0000001, 0x00000001, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030510-28891-01.
3/11/2010 5:16:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/11/2010 5:16:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
3/11/2010 5:16:36 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/11/2010 5:15:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.
3/11/2010 5:14:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
3/11/2010 3:38:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/11/2010 2:05:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

==== End Of File ===========================



DDS (Ver_09-12-01.01) - NTFSx86
Run by test at 23:59:01.08 on Thu 03/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.697 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Webroot\Security\current\plugins\sync\WRSyncManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Users\test\AppData\Local\Temp\jkos-test\binaries\ScanningProcess.exe
C:\Users\test\AppData\Local\Temp\jkos-test\binaries\ScanningProcess.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\test\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\program files\webroot\security\current\products\wisc\LPBar.dll
BHO: WebrootBHO Class: {d93ec24d-8741-4d41-b83d-a5793b998416} - c:\program files\webroot\security\current\plugins\browserextension\WebrootBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\program files\webroot\security\current\products\wisc\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spark] "c:\program files\spark\Spark.exe"
mRun: [snp2uvc] "c:\windows\vsnp2uvc.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [hpWirelessAssistant] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [WAWifiMessage] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
mRun: [PLFSetL] "c:\windows\PLFSetL.exe"
mRun: [SNUVCDSM] "c:\windows\snuvcdsm.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.photogize.com/bponet/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {CB770838-CCE1-4690-B7C7-6B3D3E025775} = 207.70.1.8,198.60.204.8
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-7 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-12-18 102224]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2009-12-18 39400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-29 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-29 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-29 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-29 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-29 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2010-03-10 01:02:03 0 d-----w- c:\users\test\appdata\roaming\Malwarebytes
2010-03-10 01:01:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 01:01:42 0 d-----w- c:\programdata\Malwarebytes
2010-03-10 01:01:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 01:01:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 02:21:12 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-07 21:42:12 77312 ----a-w- c:\windows\MBR.exe
2010-03-07 21:42:11 98816 ----a-w- c:\windows\sed.exe
2010-03-07 21:42:11 261632 ----a-w- c:\windows\PEV.exe
2010-03-07 21:42:11 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 14:02:13 0 d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41:42 0 d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33:08 0 d-----w- c:\programdata\WinZip
2010-03-05 04:10:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-01 01:28:38 0 d-----w- c:\users\test\.jmf
2010-03-01 01:28:37 89 ----a-w- c:\users\test\userdic.tlx
2010-03-01 01:27:42 0 d-----w- c:\users\test\Spark
2010-03-01 01:27:14 0 d-----w- c:\program files\Spark
2010-02-24 19:05:52 1250 ----a-w- C:\content.xml
2010-02-24 14:29:47 0 d-----w- c:\users\test\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49:12 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-24 06:49:08 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49:06 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:51:03 0 d-----w- c:\programdata\NOS
2010-02-20 15:59:40 0 d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29:53 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23:22 0 d-----w- c:\users\test\appdata\roaming\GetRightToGo
2010-02-11 15:04:16 0 d-----w- c:\programdata\McAfee

==================== Find3M ====================

2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 17:40:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10:41 4991352 ----a-w- c:\program files\common files\wruninstall.exe
2009-12-18 20:10:39 712072 ----a-w- c:\program files\common files\GenericSB.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:01:25.03 ===============

Hi,

Empty "deleted items" folders of your email accounts. How's the system running now?

Hi,
The system is runnign better overall. Faster to load. The three programs were finally removed. I still have the rediredt issue. Doesn't happen all the time. When I try to load a web page, I will get redirected usually to Google.

Hi,
just tried a few things out. I made a search through Google, Bing and Yahoo for a printer I am looking to buy. Each of the search engines, returned a result for Amazon. Each time I click on the Amazon link, Amazon loads up and thena few seconds later, the page is redirected back to the original search engine.
Hope that helps

Hi,

Are you familiar with these IP addresses: 207.70.1.8,198.60.204.8 ?

Please try to run GMER now by deselecting sections and devices before hitting the scan.

Hi, I am not familiar with those two IP addresses. All three of the websites that were trying to access the computer are back. You didn't ask, but I have pasted the file from the GMER run. BTW, the first time I ran GMER, I got the dreaded blue screen and the computer rebooted.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 23:12:52
Windows 6.1.7600
Running: GMER.exe; Driver: C:\Users\test\AppData\Local\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwAdjustPrivilegesToken [0x8EBBBF00]
SSDT 85D46BE8 ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwConnectPort [0x8EBBC400]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateFile [0x8EBBAD60]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateKey [0x8EBBBBC0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreatePort [0x8EBBC760]
SSDT 85D43120 ZwCreateProcess
SSDT 85087268 ZwCreateProcessEx
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateThread [0x8EBBCA60]
SSDT 85D46A08 ZwCreateThreadEx
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateUserProcess [0x8EBB9F60]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDebugActiveProcess [0x8EBBB6D0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteKey [0x8EBB9920]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteValueKey [0x8EBB9A80]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeviceIoControlFile [0x8EBBB7D0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenFile [0x8EBBAFF0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenProcess [0x8EBB9C40]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenSection [0x8EBBB260]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenThread [0x8EBBBDC0]
SSDT 85D46C60 ZwQueueApcThread
SSDT 85D46AF8 ZwReadVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwResumeThread [0x8EBB9EB0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSecureConnectPort [0x8EBBC5B0]
SSDT 85D46D50 ZwSetContextThread
SSDT 955CADA8 ZwSetDefaultHardErrorPort
SSDT 85D46FA8 ZwSetInformationProcess
SSDT 85D46DC8 ZwSetInformationThread
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSetValueKey [0x8EBB9780]
SSDT 85D46F30 ZwSuspendProcess
SSDT 85D46CD8 ZwSuspendThread
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateProcess [0x8EBB9670]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateThread [0x8EBB9D90]
SSDT 85D46B70 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C25AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C25104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C253F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0D634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C251DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C25958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C256F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C25F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C261A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\RunDll32.exe[1140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[1140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[1140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[1140] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[1140] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5752] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75CC5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Hi,

Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TCP: {CB770838-CCE1-4690-B7C7-6B3D3E025775} = 207.70.1.8,198.60.204.8
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
Reboot::



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Any issues still left?

Hi,

Ran the CFScript as directed. combofix ran its 50 tasks. Computer rebooted and Combofix continued. The file is copied below. Still having same redirect problems and the three programs are still trying to access my computer.



ComboFix 10-03-08.01 - test 03/13/2010 7:16.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.878 [GMT -5:00]
Running from: c:\users\test\Desktop\ComboFix.exe
Command switches used :: c:\users\test\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-13 12:35 . 2010-03-13 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 03:18 . 2010-03-12 12:38 -------- d-----w- c:\users\test\AppData\Local\Adobe
2010-03-10 01:02 . 2010-03-10 01:02 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 01:01 . 2010-03-10 01:01 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 01:01 . 2010-03-10 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 14:02 . 2010-03-07 14:02 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41 . 2010-03-06 22:41 -------- d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33 . 2010-03-06 12:33 -------- d-----w- c:\programdata\WinZip
2010-03-05 04:10 . 2010-03-07 14:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- c:\windows\Sun
2010-03-01 01:28 . 2010-03-01 01:28 -------- d-----w- c:\users\test\.jmf
2010-03-01 01:27 . 2010-03-01 01:30 -------- d-----w- c:\users\test\Spark
2010-03-01 01:27 . 2010-03-01 01:27 -------- d-----w- c:\program files\Spark
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\ERUNT
2010-02-24 14:29 . 2010-02-24 14:29 -------- d-----w- c:\users\test\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:51 . 2010-02-24 13:19 -------- d-----w- c:\programdata\NOS
2010-02-20 17:48 . 2010-02-23 04:36 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29 . 2010-03-11 08:11 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23 . 2010-02-19 04:34 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo
2010-02-11 15:04 . 2010-02-11 15:04 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 12:25 . 2009-12-18 20:07 -------- d-----w- c:\programdata\Webroot
2010-03-13 02:56 . 2009-03-18 06:30 -------- d-----w- c:\users\test\AppData\Roaming\Skype
2010-03-11 08:13 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 00:24 . 2006-12-18 05:26 -------- d-----w- c:\program files\Java
2010-02-24 14:16 . 2009-10-03 13:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 00:55 . 2006-12-18 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 00:52 . 2009-06-02 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-11 14:42 . 2009-02-15 05:31 -------- d-----w- c:\program files\Google
2010-02-05 18:17 . 2009-10-28 18:34 106648 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-27 17:40 . 2009-04-13 14:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 00:14 . 2009-06-23 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 00:03 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 00:03 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 00:03 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 00:03 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-13 20:00 . 2009-02-23 03:59 -------- d-----w- c:\program files\TurboTax
2010-01-08 03:18 . 2010-02-10 00:03 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 00:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:02 . 2010-01-22 00:19 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 00:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 00:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 00:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 00:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 00:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 00:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10 . 2009-12-18 20:10 4991352 ----a-w- c:\program files\Common Files\wruninstall.exe
2009-12-18 20:10 . 2009-12-18 20:10 712072 ----a-w- c:\program files\Common Files\GenericSB.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Spark"="c:\program files\Spark\Spark.exe" [2007-11-14 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2009-12-10 1034616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [2009-12-10 102224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2009-12-03 39400]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2009-12-10 2397536]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5300)
c:\program files\Webroot\Security\Current\plugins\antispam\Hooks32.dll
c:\program files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\progra~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
c:\program files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Webroot\Security\current\plugins\antimalware\SSU.EXE
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2010-03-13 07:52:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-13 12:52
ComboFix2.txt 2010-03-09 02:20

Pre-Run: 94,788,001,792 bytes free
Post-Run: 94,851,760,128 bytes free

- - End Of File - - 02B53D07C5537820D4F237C31DD29DB3

Hi,

Turn off Webroot protection and Microsoft Security Essentials. Then run ComboFix with the script again.

ComboFix 10-03-13.01 - test 03/13/2010 20:00:29.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1045 [GMT -5:00]
Running from: c:\users\test\Desktop\Security Issues 03.2010\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 01:20 . 2010-03-14 01:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 01:20 . 2010-03-14 01:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 03:18 . 2010-03-12 12:38 -------- d-----w- c:\users\test\AppData\Local\Adobe
2010-03-10 10:21 . 2010-03-10 10:24 20829680 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-10 10:21 . 2010-03-10 10:21 8405312 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-10 10:20 . 2010-03-10 10:20 149000 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-10 10:19 . 2010-03-10 10:20 10309448 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-10 10:17 . 2010-03-10 10:17 181768 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-10 10:17 . 2010-03-10 10:17 283280 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-10 10:17 . 2010-03-10 10:17 79368 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-10 10:17 . 2010-03-10 10:17 64000 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-10 10:17 . 2010-03-10 10:17 52288 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-10 10:17 . 2010-03-10 10:17 50688 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-10 10:17 . 2010-03-10 10:17 118784 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 10:17 . 2010-03-10 10:17 49152 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-10 01:06 . 2010-03-10 01:06 439816 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-10 01:02 . 2010-03-10 01:02 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 01:01 . 2010-03-10 01:01 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 01:01 . 2010-03-10 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 14:02 . 2010-03-07 14:02 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41 . 2010-03-06 22:41 -------- d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33 . 2010-03-06 12:33 -------- d-----w- c:\programdata\WinZip
2010-03-05 04:10 . 2010-03-07 14:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- c:\windows\Sun
2010-03-01 01:28 . 2010-03-01 01:28 -------- d-----w- c:\users\test\.jmf
2010-03-01 01:27 . 2010-03-01 01:30 -------- d-----w- c:\users\test\Spark
2010-03-01 01:27 . 2010-03-01 01:27 -------- d-----w- c:\program files\Spark
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\ERUNT
2010-02-24 14:29 . 2010-02-24 14:29 -------- d-----w- c:\users\test\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:52 . 2010-02-24 00:52 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 00:51 . 2010-02-24 00:51 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-24 00:51 . 2010-02-24 13:19 -------- d-----w- c:\programdata\NOS
2010-02-20 17:48 . 2010-02-23 04:36 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-20 15:59 . 2010-02-20 15:59 3262 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{AACD915A-A897-43FA-BC5B-00D06DFDCD2F}\_13B08E6A0151F39DE3437C.exe
2010-02-20 15:59 . 2010-02-20 15:59 2238 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{AACD915A-A897-43FA-BC5B-00D06DFDCD2F}\_6FEFF9B68218417F98F549.exe
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29 . 2010-03-13 19:01 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23 . 2010-02-19 04:34 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 01:13 . 2009-12-18 20:07 -------- d-----w- c:\programdata\Webroot
2010-03-13 19:27 . 2009-03-18 06:30 -------- d-----w- c:\users\test\AppData\Roaming\Skype
2010-03-11 08:13 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 00:24 . 2006-12-18 05:26 -------- d-----w- c:\program files\Java
2010-03-01 10:32 . 2009-09-21 13:03 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-24 14:16 . 2009-10-03 13:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 00:55 . 2006-12-18 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 00:52 . 2009-06-02 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-24 00:52 . 2009-06-02 14:50 38784 ----a-w- c:\users\test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-11 15:04 . 2010-02-11 15:04 -------- d-----w- c:\programdata\McAfee
2010-02-11 14:42 . 2009-02-15 05:31 -------- d-----w- c:\program files\Google
2010-02-05 18:17 . 2009-10-28 18:34 106648 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 17:38 . 2009-06-19 04:24 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 17:38 . 2009-06-19 04:23 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 17:38 . 2009-06-19 04:23 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 02:26 . 2010-02-02 02:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb64AB.tmp.exe
2010-01-30 22:43 . 2010-01-30 22:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5E1D.tmp.exe
2010-01-27 17:40 . 2009-06-19 04:24 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 17:40 . 2009-06-01 13:40 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 17:40 . 2009-04-13 14:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 17:40 . 2009-06-19 04:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 17:40 . 2009-06-19 04:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 17:40 . 2009-11-07 23:38 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 17:40 . 2009-06-01 13:38 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 17:40 . 2009-06-19 04:24 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 17:40 . 2009-06-19 04:24 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 17:39 . 2009-06-01 13:28 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 17:39 . 2009-06-01 13:28 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 17:39 . 2009-06-19 04:24 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 17:39 . 2009-06-19 04:23 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 17:39 . 2009-06-19 04:23 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 17:39 . 2009-06-19 04:23 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-23 00:14 . 2009-06-23 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 00:03 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 00:03 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 00:03 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 00:03 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-13 20:00 . 2009-02-23 03:59 -------- d-----w- c:\program files\TurboTax
2010-01-08 03:18 . 2010-02-10 00:03 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 00:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-29 17:17 . 2009-12-29 17:17 25214 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{E296E0ED-038F-4A5A-9513-642F2FA17A59}\ARPPRODUCTICON.exe
2009-12-29 17:14 . 2009-12-29 17:10 32262536 ----a-w- c:\users\test\AppData\Roaming\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_UM150.exe
2009-12-19 09:02 . 2010-01-22 00:19 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 00:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 00:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 00:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 00:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 00:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 00:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10 . 2009-12-18 20:10 4991352 ----a-w- c:\program files\Common Files\wruninstall.exe
2009-12-18 20:10 . 2009-12-18 20:10 712072 ----a-w- c:\program files\Common Files\GenericSB.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-09_02.15.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 04:19 . 2010-03-09 03:51 33182 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-03-14 00:55 36312 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-30 14:13 . 2010-03-14 00:55 10372 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2613721486-2466184251-1953233058-1000_UserData.bin
+ 2009-10-28 17:36 . 2010-03-14 00:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-28 17:36 . 2010-03-08 23:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-28 17:36 . 2010-03-14 00:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-28 17:36 . 2010-03-08 23:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-03-14 00:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-03-08 23:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2010-03-13 03:24 78752 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-10-28 22:13 . 2010-03-14 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-28 22:13 . 2010-03-09 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-28 22:13 . 2010-03-14 01:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-28 22:13 . 2010-03-09 02:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-28 22:13 . 2010-03-09 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-28 22:13 . 2010-03-14 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-19 04:29 . 2010-02-21 12:54 35088 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 35088 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 18704 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 18704 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 20240 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 20240 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-13 23:26 . 2009-07-14 01:03 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.20655_none_0ca29ea86ca54783\AcRes.dll
+ 2009-07-13 23:26 . 2009-07-14 01:03 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.16539_none_0c32a2dd5373d533\AcRes.dll
+ 2010-03-09 03:46 . 2010-03-09 03:46 3584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F5248D4-2B2E-11DF-A8BE-001B245685E9}.dat
+ 2010-03-09 03:46 . 2010-03-09 03:46 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F5248D5-2B2E-11DF-A8BE-001B245685E9}.dat
- 2010-03-06 16:55 . 2010-03-08 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-13 12:05 . 2010-03-14 00:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-06 16:55 . 2010-03-08 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-13 12:05 . 2010-03-14 00:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:26 . 2009-07-14 01:14 211968 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20655_none_0ca69fd06ca1acdf\AcXtrnal.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14 559616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20655_none_0ca69fd06ca1acdf\AcLayers.dll
+ 2009-07-13 23:26 . 2009-07-14 01:14 211968 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16539_none_0c36a40553703a8f\AcXtrnal.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14 559616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16539_none_0c36a40553703a8f\AcLayers.dll
+ 2009-10-28 20:02 . 2010-03-11 19:06 291656 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-03-08 23:17 617036 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-03-14 01:00 617036 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-03-14 01:00 104418 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-03-08 23:17 104418 c:\windows\System32\perfc009.dat
- 2009-12-01 22:15 . 2009-10-11 11:17 149280 c:\windows\System32\javaws.exe
+ 2010-03-11 00:23 . 2009-10-11 11:17 149280 c:\windows\System32\javaws.exe
- 2009-12-01 22:15 . 2009-10-11 11:17 145184 c:\windows\System32\javaw.exe
+ 2010-03-11 00:23 . 2009-10-11 11:17 145184 c:\windows\System32\javaw.exe
+ 2010-03-11 00:23 . 2009-10-11 11:17 145184 c:\windows\System32\java.exe
- 2009-12-01 22:15 . 2009-10-11 11:17 145184 c:\windows\System32\java.exe
+ 2010-03-10 23:15 . 2010-03-10 23:15 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 239376 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 239376 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 217864 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 217864 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-10 14:20 . 2008-04-10 14:20 638976 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0\AdobeLinguistic.dll
+ 2010-03-13 12:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\3-13-2010\ERDNT.EXE
+ 2010-03-13 03:14 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\3-12-2010\ERDNT.EXE
+ 2010-03-11 10:16 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\3-11-2010\ERDNT.EXE
- 2009-07-14 02:03 . 2010-03-08 23:31 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-03-13 14:12 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 04:34 . 2010-02-24 10:28 3843942 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-03-11 08:39 . 2010-03-11 08:39 3843942 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-02-04 22:24 . 2010-02-04 22:24 9122304 c:\windows\Installer\b3336c1.msp
+ 2010-02-21 06:00 . 2010-02-21 06:00 8480768 c:\windows\Installer\b333667.msp
+ 2010-02-24 10:16 . 2010-02-24 10:16 5527040 c:\windows\Installer\9515f9e.msp
+ 2006-12-18 04:53 . 2010-03-11 08:12 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-28 03:34 . 2009-10-28 03:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2010-03-13 12:07 . 2010-03-13 12:07 4653056 c:\windows\ERDNT\AutoBackup\3-13-2010\Users\00000002\UsrClass.dat
+ 2010-03-13 12:07 . 2010-03-13 12:07 4562944 c:\windows\ERDNT\AutoBackup\3-13-2010\Users\00000001\NTUSER.DAT
+ 2010-03-13 03:14 . 2010-03-13 03:14 4653056 c:\windows\ERDNT\AutoBackup\3-12-2010\Users\00000002\UsrClass.dat
+ 2010-03-13 03:14 . 2010-03-13 03:14 4562944 c:\windows\ERDNT\AutoBackup\3-12-2010\Users\00000001\NTUSER.DAT
+ 2010-03-11 10:16 . 2010-03-11 10:16 4653056 c:\windows\ERDNT\AutoBackup\3-11-2010\Users\00000002\UsrClass.dat
+ 2010-03-11 10:16 . 2010-03-11 10:16 4562944 c:\windows\ERDNT\AutoBackup\3-11-2010\Users\00000001\NTUSER.DAT
+ 2009-07-14 07:18 . 2010-03-10 10:28 63061549 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
+ 2009-11-11 14:35 . 2010-03-02 05:30 31648712 c:\windows\System32\MRT.exe
+ 2009-11-21 04:46 . 2009-11-21 04:46 11524608 c:\windows\Installer\b3336d4.msp
+ 2010-03-10 23:14 . 2010-03-10 23:14 20672000 c:\windows\Installer\9516051.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Spark"="c:\program files\Spark\Spark.exe" [2007-11-14 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2009-12-10 1034616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [2009-12-10 102224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2009-12-03 39400]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2009-12-10 2397536]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-13 20:26:45
ComboFix-quarantined-files.txt 2010-03-14 01:26
ComboFix2.txt 2010-03-13 12:53
ComboFix3.txt 2010-03-09 02:20

Pre-Run: 95,168,356,352 bytes free
Post-Run: 95,117,672,448 bytes free

- - End Of File - - C0355E651C54379380B76E04A27CB21E

Hi,

Please try to run ComboFix with that script in safe mode.

ComboFix 10-03-14.03 - test 03/14/2010 16:55:55.9.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1488 [GMT -4:00]
Running from: c:\users\test\Desktop\Security Issues 03.2010\ComboFix.exe
Command switches used :: c:\users\test\Desktop\Security Issues 03.2010\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 21:03 . 2010-03-14 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 21:03 . 2010-03-14 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 20:54 . 2010-03-14 20:54 -------- d-----w- C:\32788R22FWJFW
2010-03-11 03:18 . 2010-03-12 12:38 -------- d-----w- c:\users\test\AppData\Local\Adobe
2010-03-10 01:02 . 2010-03-10 01:02 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 01:01 . 2010-03-10 01:01 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 01:01 . 2010-03-10 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 14:02 . 2010-03-07 14:02 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41 . 2010-03-06 22:41 -------- d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33 . 2010-03-06 12:33 -------- d-----w- c:\programdata\WinZip
2010-03-05 04:10 . 2010-03-07 14:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- c:\windows\Sun
2010-03-01 01:28 . 2010-03-01 01:28 -------- d-----w- c:\users\test\.jmf
2010-03-01 01:27 . 2010-03-01 01:30 -------- d-----w- c:\users\test\Spark
2010-03-01 01:27 . 2010-03-01 01:27 -------- d-----w- c:\program files\Spark
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\ERUNT
2010-02-24 14:29 . 2010-02-24 14:29 -------- d-----w- c:\users\test\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:51 . 2010-02-24 13:19 -------- d-----w- c:\programdata\NOS
2010-02-20 17:48 . 2010-02-23 04:36 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29 . 2010-03-13 19:01 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23 . 2010-02-19 04:34 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 19:53 . 2009-12-18 20:07 -------- d-----w- c:\programdata\Webroot
2010-03-14 17:32 . 2009-03-18 06:30 -------- d-----w- c:\users\test\AppData\Roaming\Skype
2010-03-11 08:13 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 00:24 . 2006-12-18 05:26 -------- d-----w- c:\program files\Java
2010-02-24 13:16 . 2009-10-03 13:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 00:55 . 2006-12-18 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 00:52 . 2009-06-02 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-11 15:04 . 2010-02-11 15:04 -------- d-----w- c:\programdata\McAfee
2010-02-11 14:42 . 2009-02-15 05:31 -------- d-----w- c:\program files\Google
2010-02-05 18:17 . 2009-10-28 18:34 106648 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-27 17:40 . 2009-04-13 14:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 00:14 . 2009-06-23 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 00:03 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 00:03 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 00:03 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 00:03 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 00:03 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 00:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:02 . 2010-01-22 00:19 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 00:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 00:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 00:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 00:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 00:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 00:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10 . 2009-12-18 20:10 4991352 ----a-w- c:\program files\Common Files\wruninstall.exe
2009-12-18 20:10 . 2009-12-18 20:10 712072 ----a-w- c:\program files\Common Files\GenericSB.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Spark"="c:\program files\Spark\Spark.exe" [2007-11-14 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF27041.cfxxe" [X]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2009-12-10 1034616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF27041.cfxxe" [X]
"GrpConv"="grpconv -o" [X]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [2009-12-10 102224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2009-12-03 39400]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2009-12-10 2397536]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5052)
c:\program files\Webroot\Security\Current\plugins\antispam\Hooks32.dll
c:\program files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
c:\program files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Webroot\Security\current\plugins\antimalware\SSU.EXE
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2010-03-14 17:18:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 21:18
ComboFix2.txt 2010-03-14 17:58
ComboFix3.txt 2010-03-14 01:26
ComboFix4.txt 2010-03-13 12:53
ComboFix5.txt 2010-03-14 19:23

Pre-Run: 95,016,308,736 bytes free
Post-Run: 94,976,409,600 bytes free

- - End Of File - - E9E014AE7CAA2EC226ED9D63B645B5D5

Hi,

Let's try with HijackThis. Make sure all your protection software is disabled.

Right-click Hijackthis icon and select 'run as administrator', do a system scan only, checkmark:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB770838-CCE1-4690-B7C7-6B3D3E025775}: NameServer = 207.70.1.8,198.60.204.8

Close browser windows and fix checked.

Reboot and post a fresh hjt log.

Hi,
When I ran Hijackthis, the line number 017 didn't appear in the scan results. Here is the scan log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:40 PM, on 3/15/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Users\test\Desktop\Security Issues 03.2010\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\Program Files\Webroot\Security\current\products\WISC\LPBar.dll
O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Program Files\Webroot\Security\current\products\WISC\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [snp2uvc] "C:\Windows\vsnp2uvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [PLFSetL] "C:\Windows\PLFSetL.exe"
O4 - HKLM\..\Run: [SNUVCDSM] "C:\Windows\snuvcdsm.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [GrpConv] "grpconv" -o
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spark] "C:\Program Files\Spark\Spark.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photogize.com/bponet/ImageUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13118 bytes

Hi,

How's the system running now?

Hi, sorry it took so long. The redirect issue seems to be gone for now. I still have the three programs that are trying to access my computer. I.NUSEEK.COM, JS.USERS.51.LA & AD.OUTERINFOADS.COM

Hi,

What program detects those addresses?

Webroot is finding them.

Hi,

I think it's possibly your hosts file conflicting with Webroot. Let's reset the file and see if it helps.

Download the HostsXpert (http://www.majorgeeks.com/Hoster_d4626.html).

* Unzip HostsXpert to a convenient folder such as C:\HostsXpert
* Right click HostsXpert.exe and select 'run as administrator' to Run HostsXpert from its new home
* Click
Make Hosts Writable?
in the upper right corner (If available).
* Click Restore Microsoft's Hosts file and then click OK.
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Hi, ran HostsXpert. Still have the three programs

Hi,

Archive c:\windows\system32\drivers\etc\HOSTS file into a zip file and attach it to your post, please.

Hope I did it right. The zip file is attached.

Looks ok. When Webroot makes alert about those three items you mentioned does it happen while surfing some specific sites? Could you provide a screenshot of one of those alerts?

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.