I'm stuck.....

clcakes

I have picked something up on my computer. :( It is causing an insane amount of pop-ups and I can't get rid of it. I also cannot install SpyBot S&D. When I try to, the computer reboots, and when it comes back on it gives me a message stating that Spybot has stopped working. These are the details under the message:

Problem signature:
Problem Event Name: APPCRASH
Application Name: SpybotSD.exe
Application Version: 1.6.2.46
Application Timestamp: 2a425e19
Fault Module Name: SpybotSD.exe
Fault Module Version: 1.6.2.46
Fault Module Timestamp: 2a425e19
Exception Code: 80000003
Exception Offset: 002e5bb0
OS Version: 6.0.6001.2.1.0.256.6
Locale ID: 1033
Additional Information 1: d18c
Additional Information 2: d916fd58afed57c995b7d8ef5bc81b76
Additional Information 3: 1534
Additional Information 4: c0e2885634414ca20f82a6a628faa4bd

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


I have run HijackThis and here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:38 AM, on 12/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\hkcmd.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=14482&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198686107\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\Windows\system32\winupdate86.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\Medical Transcriptio\AppData\Roaming\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12696 bytes

Any help would be greatly appreciated.......

Thank you!
 
Hi clcakes and welcome to the forums here at Spybot S&D.

I'd like to get a better look at things before we make any changes.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
 
Happy New Year! Thanks for getting back to me -- I really appreciate the help.

I was able to do the first part that you requested (let me know if I didn't do the upload correctly) but I'm having problems w/the 2nd program. It gets almost to the end and the computer reboots itself. I'm going to try again -- wish me luck!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 18:28:43.56 on Thu 12/31/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.800 [GMT -5:00]

SP: MalwareRemovalBot *disabled* (Updated) {17AEFC99-0DC8-4940-90B8-08A89D9706CF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Medical Transcriptio\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [<NO NAME>]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSWUpdate] c:\users\medical transcriptio\appdata\roaming\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 20:30:48 0 d-----w- c:\users\medica~1\appdata\roaming\MalwareRemovalBot
2009-12-30 20:28:28 0 d-----w- c:\program files\MalwareRemovalBot
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-29 10:04:17 487 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-29 10:03:16 160 ----a-w- c:\windows\system32\srcr.dat
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-04 21:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 12:41:32 244224 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:41:31 281600 ----a-w- c:\windows\system32\raschap.dll
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:31:13.81 ===============
 
Per the instructions at the following post you must uninstall any and all P2P/BitTorrent/File Sharing Software prior to getting help here.

http://forums.spybot.info/showpost.php?p=218503&postcount=4


AskBar.dll (Ask Toolbar) process can be removed to free up resources without compromising system performance. http://vil.nai.com/vil/content/v_146646.htm
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
Ben Edelman (http://blogs.zdnet.com/Spyware/?p=858):
I discourage users from running Ask's toolbars for two reasons. First, Ask moves the browser's Address Bar from top-left (where it is found in every browser I've ever seen) to top-right. Ask puts its own search box in the top-left. So Ask's software makes it highly likely that users will accidentally conduct searches when they intend simply to navigate to sites they request by name.

Second, Ask's toolbar leads to landing pages that are objectionable in their own right. Ask's landing pages show ten ads - ten! - above the first organic result. On a 800×600 screen, that means 2 full pages of ads, plus a little bit more after that, all before the first organic result. That's ridiculous. No user deserves that, especially since organic results are safer than sponsored links.
It is advised that you uninstall this program to protect your privacy and computer security and to free up necessary resources. To uninstall the Ask Toolbar:
  1. Click Start > Control Panel.
  2. In Control Panel, double-click Uninstall Programs.
  3. In Add or Remove Programs, highlight Ask Toolbar, then click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
  5. Using Windows Explorer (Windows key+e), search for the Ask Toolbar folder. If the program folder is still there, select/highlight the Ask Toolbar folder. DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.

Please do that, run DDS again, and post the log.
 
Thanks! I'm still trying to do part #2. The computer is in safe mode running the program now, but it is just taking forever. I will follow through with the next set of instructions as soon as I can get that computer back online.

I really appreciate all of your help - thank you. BTW I'm in NE too....hope you don't get too much snow tomorrow w/the storm....
 
Don't worry too much if the GMER scan won't go. Just move ahead with uninstalling uTorrent and we'll proceed with the fix after that.

What part of NE? I'm in MA, southeastern.
 
ok thanks - I'll shut it down then and proceed to the next step.

I'm in Southern NH - I don't think we will be getting too much. Maybe just a couple of inches......
 
I *think* I got rid of everything....here you go........


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 13:11:30.83 on Fri 01/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.666 [GMT -5:00]

SP: MalwareRemovalBot *disabled* (Updated) {17AEFC99-0DC8-4940-90B8-08A89D9706CF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Medical Transcriptio\Downloads\dds(2).scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [<NO NAME>]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSWUpdate] c:\users\medical transcriptio\appdata\roaming\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 20:30:48 0 d-----w- c:\users\medica~1\appdata\roaming\MalwareRemovalBot
2009-12-30 20:28:28 0 d-----w- c:\program files\MalwareRemovalBot
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-29 10:04:17 873 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-29 10:03:16 199 ----a-w- c:\windows\system32\srcr.dat
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-04 21:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 12:41:32 244224 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:41:31 281600 ----a-w- c:\windows\system32\raschap.dll
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:14:12.68 ===============
 
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated HijackThis log and let me know how it's running.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
I'm having a hard time with ComboFix. One download crashes as soon as I try to run it. The second *looks* like it is trying to load (green progress bar) then it doesn't do anything......
 
Let's see if we can use another tool to clean up some of the malware, then we can try ComboFix again after.

Run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL.txt:

OTL logfile created on: 1/1/2010 2:29:41 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Medical Transcriptio\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 14.83 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 12.05 Gb Total Space | 6.73 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive E: | 1.98 Gb Total Space | 1.78 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTY-PC
Current User Name: Medical Transcriptio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/01 14:27:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Medical Transcriptio\Downloads\OTL.exe
PRC - [2009/12/23 04:30:26 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/23 04:30:25 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/18 11:10:14 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/23 02:55:40 | 00,707,704 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009/09/04 13:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/01/21 22:48:48 | 00,222,592 | R--- | M] (Adobe Systems, Inc.) -- C:\windows\System32\Macromed\Flash\FlashUtil9h.exe
PRC - [2009/01/07 07:38:43 | 00,705,832 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
PRC - [2008/09/24 13:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/06/09 09:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 09:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/24 19:54:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxtray.exe
PRC - [2007/08/24 19:54:10 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxsrvc.exe
PRC - [2007/08/24 19:54:08 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxpers.exe
PRC - [2007/08/24 19:54:00 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\windows\System32\hkcmd.exe
PRC - [2007/08/07 12:59:50 | 00,540,184 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/08/07 12:59:48 | 00,331,288 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2007/07/09 19:03:00 | 00,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/06/07 10:38:14 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/07 10:38:10 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/07 10:38:00 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
PRC - [2007/05/23 16:04:02 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IFXSPMGT.exe
PRC - [2007/05/23 15:37:42 | 00,853,536 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IFXTCS.exe
PRC - [2007/05/01 20:09:24 | 01,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/04/26 07:10:10 | 01,261,568 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/04/18 21:35:38 | 00,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/04/18 21:32:38 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IfxPsdSv.exe
PRC - [2007/04/18 21:30:00 | 00,550,432 | ---- | M] (Infineon Technologies AG) -- C:\windows\System32\IfxUAGUI.exe
PRC - [2007/03/21 15:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/06 20:30:00 | 00,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/02/06 01:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\System32\AEADISRV.EXE
PRC - [2007/01/09 17:52:36 | 00,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/02 21:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 21:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe


========== Modules (SafeList) ==========

MOD - [2010/01/01 14:27:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Medical Transcriptio\Downloads\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/02/25 22:49:00 | 00,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\windows\System32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/23 04:30:25 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/04 13:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/24 13:32:48 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/09 09:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/25 15:31:22 | 00,072,704 | ---- | M] (WoltersKluwerLWW) [On_Demand | Stopped] -- C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe -- (LWWLicenseService)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/07 12:59:50 | 00,540,184 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/09 19:03:00 | 00,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/06/07 10:38:14 | 02,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/06/07 10:38:10 | 00,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/06/07 10:38:00 | 00,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/05/23 16:04:02 | 00,677,408 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\windows\System32\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2007/05/23 15:37:42 | 00,853,536 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\windows\System32\IFXTCS.exe -- (IFXTCS)
SRV - [2007/04/18 21:32:38 | 00,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/03/21 15:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/06 20:30:00 | 00,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/06 01:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/02 21:38:02 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/12/10 23:29:24 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/07/03 15:22:58 | 00,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/06/22 00:14:00 | 00,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=14482&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2009/10/17 20:52:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 11:10:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/01 03:01:01 | 00,000,000 | ---D | M]

[2009/11/13 17:17:24 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Mozilla\Extensions
[2010/01/01 13:19:02 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Mozilla\Firefox\Profiles\javw7hc6.default\extensions
[2009/11/13 17:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (800 bytes) - C:\windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 # LMS GENERATED LINE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Windows\System32\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Persistence] C:\windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winupdate86.exe] C:\Windows\System32\winupdate86.exe File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Medical Transcriptio\AppData\Roaming\lsass.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/23 11:52:22 | 00,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/30 06:52:17 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bae44ae9-b3f7-11dc-b508-00038a000015}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O33 - MountPoints2\{bae44aee-b3f7-11dc-b508-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{bae44aee-b3f7-11dc-b508-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias [2008/10/28 17:49:26 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/01 14:13:40 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/01 13:37:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/31 11:03:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/31 09:43:49 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/12/30 21:41:51 | 00,000,000 | ---D | C] -- C:\d36eaf4d68bef20749ed699a
[2009/12/30 21:00:36 | 00,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO64.sys
[2009/12/30 21:00:36 | 00,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIOApi.dll
[2009/12/30 21:00:36 | 00,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO.sys
[2009/12/30 21:00:36 | 00,011,904 | ---- | C] (ANI ) -- C:\Windows\System32\anio4.sys
[2009/12/30 21:00:24 | 01,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2009/12/30 21:00:24 | 00,663,552 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIWZCS2.dll
[2009/12/30 21:00:24 | 00,196,608 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\WlanApp.dll
[2009/12/30 21:00:24 | 00,184,320 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\aIPH.dll
[2009/12/30 21:00:24 | 00,057,407 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANICtl.dll
[2009/12/30 21:00:24 | 00,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\AQCKGen.dll
[2009/12/30 21:00:24 | 00,000,000 | ---D | C] -- C:\Program Files\ANI
[2009/12/30 19:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/30 15:36:35 | 00,000,000 | ---D | C] -- C:\55ca3c2950db9fa8c1f60fb8ceba
[2009/12/30 15:30:48 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot
[2009/12/30 15:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\MalwareRemovalBot
[2009/12/29 21:28:57 | 00,000,000 | ---D | C] -- C:\0626a7d6b1686d3664116dc6b72f3d
[2009/12/29 20:02:19 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/12/29 19:28:08 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\Uniblue
[2009/12/29 17:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2009/12/29 17:22:56 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Local\ApplicationHistory
[2009/12/29 17:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/12/29 17:17:43 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/12/29 17:11:06 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/12/29 16:16:26 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Local\Tific
[2009/12/29 16:16:25 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\Tific
[2009/12/29 16:15:28 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\AVG8
[2009/12/29 15:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/29 15:55:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/12/29 15:51:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/12/29 13:56:31 | 00,000,000 | ---D | C] -- C:\8f769eca39453ab529768da9b6f60b2d
[2009/12/29 12:56:59 | 00,000,000 | ---D | C] -- C:\34df1b089c6347b81781d7728f
[2009/12/29 12:03:50 | 00,000,000 | ---D | C] -- C:\d240aec59b299a30ff68c9
[2009/12/29 11:08:59 | 00,000,000 | ---D | C] -- C:\c891f66fbd98def760
[2009/12/29 10:59:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/12/29 10:59:28 | 00,000,000 | ---D | C] -- C:\5fa6c63c152843e01729cf3619a0e589
[2009/12/29 10:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/12/29 10:18:13 | 00,000,000 | ---D | C] -- C:\4281221f06b1cf30841743
[2009/12/29 10:15:33 | 00,000,000 | ---D | C] -- C:\0be319f2efcd1b5e6d3413d7
[2009/12/29 08:35:48 | 00,000,000 | ---D | C] -- C:\b3bf961c2f57de6aacf2a473
[2009/12/29 08:06:34 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Medical Transcriptio\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/26 17:17:52 | 00,000,000 | ---D | C] -- C:\Users\Medical Transcriptio\AppData\Roaming\Leadertech
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Documents\*.tmp files -> C:\Users\Medical Transcriptio\Documents\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Desktop\*.tmp files -> C:\Users\Medical Transcriptio\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/01 14:31:44 | 04,194,304 | -HS- | M] () -- C:\Users\Medical Transcriptio\NTUSER.DAT
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED685222-1AC4-4F25-AD9D-144AAE95E65F}.job
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{467C3339-6B4F-4E8D-A30F-28B400872803}.job
[2010/01/01 14:30:00 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{287F291C-9DC6-46E8-97FD-FEF76861EFB0}.job
[2010/01/01 14:14:02 | 00,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C5E9871D-6D60-4EB1-9DB8-48047F733DAC}.job
[2010/01/01 13:44:34 | 00,000,202 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2010/01/01 13:44:11 | 00,000,392 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
[2010/01/01 13:44:11 | 00,000,352 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2010/01/01 13:43:42 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/01 13:43:41 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/01 13:43:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 13:43:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/01 13:42:34 | 00,524,288 | -HS- | M] () -- C:\Users\Medical Transcriptio\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/01/01 13:42:34 | 00,065,536 | -HS- | M] () -- C:\Users\Medical Transcriptio\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/01/01 13:42:25 | 04,279,058 | -H-- | M] () -- C:\Users\Medical Transcriptio\AppData\Local\IconCache.db
[2010/01/01 13:41:04 | 00,000,973 | ---- | M] () -- C:\Users\Medical Transcriptio\Desktop\ComboFix(2) - Shortcut.lnk
[2010/01/01 02:59:59 | 00,000,574 | ---- | M] () -- C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job
[2010/01/01 00:00:00 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Christy-PC_Russell.job
[2009/12/31 19:19:11 | 00,000,873 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/31 17:00:00 | 00,000,364 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/12/31 12:00:00 | 00,000,452 | ---- | M] () -- C:\Windows\tasks\ErrorFix Scan.job
[2009/12/31 11:03:18 | 00,001,912 | ---- | M] () -- C:\Users\Medical Transcriptio\Desktop\HijackThis.lnk
[2009/12/31 10:44:19 | 00,001,093 | ---- | M] () -- C:\Users\Medical Transcriptio\Desktop\Spybot - Search & Destroy.lnk
[2009/12/31 03:04:00 | 00,000,346 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/12/30 21:42:08 | 00,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2009/12/30 21:12:45 | 00,769,132 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/30 21:12:45 | 00,650,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/30 21:12:45 | 00,122,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/30 20:17:21 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/29 17:22:59 | 00,000,108 | ---- | M] () -- C:\Users\Medical Transcriptio\AppData\Local\fusioncache.dat
[2009/12/29 08:06:40 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Medical Transcriptio\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/29 05:02:38 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2009/12/28 04:20:19 | 00,139,776 | ---- | M] () -- C:\Users\Medical Transcriptio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/24 06:47:29 | 02,077,184 | ---- | M] () -- C:\Users\Medical Transcriptio\Documents\Carmel labels.doc
[2009/12/23 12:29:59 | 00,158,720 | ---- | M] () -- C:\Users\Medical Transcriptio\Documents\Cocoa labels.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Documents\*.tmp files -> C:\Users\Medical Transcriptio\Documents\*.tmp -> ]
[1 C:\Users\Medical Transcriptio\Desktop\*.tmp files -> C:\Users\Medical Transcriptio\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 13:41:04 | 00,000,973 | ---- | C] () -- C:\Users\Medical Transcriptio\Desktop\ComboFix(2) - Shortcut.lnk
[2009/12/31 11:03:18 | 00,001,912 | ---- | C] () -- C:\Users\Medical Transcriptio\Desktop\HijackThis.lnk
[2009/12/31 10:44:19 | 00,001,093 | ---- | C] () -- C:\Users\Medical Transcriptio\Desktop\Spybot - Search & Destroy.lnk
[2009/12/30 21:42:08 | 00,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2009/12/30 21:00:36 | 00,016,997 | ---- | C] () -- C:\Windows\System32\ANIO.VXD
[2009/12/30 21:00:24 | 00,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2009/12/30 15:30:48 | 00,000,574 | ---- | C] () -- C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job
[2009/12/29 18:11:14 | 00,000,364 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/12/29 18:11:14 | 00,000,352 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009/12/29 18:11:13 | 00,000,346 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009/12/29 17:22:59 | 00,000,108 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Local\fusioncache.dat
[2009/12/29 05:04:17 | 00,000,873 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/29 05:03:16 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/12/29 05:02:38 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/24 06:47:26 | 02,077,184 | ---- | C] () -- C:\Users\Medical Transcriptio\Documents\Carmel labels.doc
[2009/12/23 12:29:58 | 00,158,720 | ---- | C] () -- C:\Users\Medical Transcriptio\Documents\Cocoa labels.doc
[2009/11/18 18:03:53 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/28 14:30:38 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/03/23 11:48:39 | 00,000,174 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Roaming\default.rss
[2008/12/20 11:11:29 | 00,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/12/20 10:20:21 | 00,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2008/12/19 18:44:32 | 00,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2008/05/21 19:36:37 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/05/19 16:58:58 | 00,028,915 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Roaming\UserTile.png
[2008/04/01 10:09:12 | 00,000,680 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Local\d3d9caps.dat
[2008/03/30 14:22:14 | 00,139,776 | ---- | C] () -- C:\Users\Medical Transcriptio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/16 11:58:29 | 00,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008/01/16 11:58:28 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/12/26 11:30:00 | 00,003,887 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/10/30 06:35:57 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/10/30 06:35:57 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/10/30 06:35:57 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/10/30 06:35:57 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/10/30 06:35:57 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/10/30 06:35:57 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/10/18 09:12:20 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 01,838,408 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2007/10/18 09:03:58 | 01,399,880 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/18 09:03:58 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/24 19:46:48 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 19:38:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/13 19:53:28 | 00,101,167 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2007/05/31 06:14:00 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 05:01:22 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/05/06 21:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2008/07/14 13:51:23 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\ArcticLine
[2009/12/30 20:52:13 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\CyberScrub
[2009/02/28 08:36:42 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix
[2009/05/02 20:21:23 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Friday's games
[2008/03/24 11:06:12 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Infineon
[2008/05/30 15:24:47 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\InterVideo
[2009/12/26 17:17:52 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Leadertech
[2008/06/30 12:30:19 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\LockLizard
[2009/12/30 17:10:05 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot
[2008/04/29 17:55:46 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\NCH Swift Sound
[2008/05/12 18:25:09 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Participatory Culture Foundation
[2008/05/12 18:34:23 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\PCF-VLC
[2008/05/19 16:58:58 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\PeerNetworking
[2008/05/16 19:38:02 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\SampleView
[2009/12/29 16:16:25 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Tific
[2009/12/14 12:22:01 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Titanium
[2009/12/29 19:28:08 | 00,000,000 | ---D | M] -- C:\Users\Medical Transcriptio\AppData\Roaming\Uniblue
[2009/12/31 12:00:00 | 00,000,452 | ---- | M] () -- C:\windows\Tasks\ErrorFix Scan.job
[2010/01/01 13:44:11 | 00,000,392 | ---- | M] () -- C:\windows\Tasks\ErrorFix Startup.job
[2010/01/01 02:59:59 | 00,000,574 | ---- | M] () -- C:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
[2009/12/31 17:00:00 | 00,000,364 | ---- | M] () -- C:\windows\Tasks\RegCure Program Check.job
[2010/01/01 13:44:11 | 00,000,352 | ---- | M] () -- C:\windows\Tasks\RegCure Startup.job
[2009/12/31 03:04:00 | 00,000,346 | ---- | M] () -- C:\windows\Tasks\RegCure.job
[2010/01/01 13:42:38 | 00,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2010/01/01 14:30:00 | 00,000,416 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{287F291C-9DC6-46E8-97FD-FEF76861EFB0}.job
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{467C3339-6B4F-4E8D-A30F-28B400872803}.job
[2010/01/01 14:14:02 | 00,000,448 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{C5E9871D-6D60-4EB1-9DB8-48047F733DAC}.job
[2010/01/01 14:30:00 | 00,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{ED685222-1AC4-4F25-AD9D-144AAE95E65F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/12 15:32:25 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008/01/12 15:32:25 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/12 15:32:25 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 14:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\swsetup\Drivers\MSD\RAID\Intel\ICH9\IaStor.sys
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\windows\System32\drivers\iaStor.sys
[2007/03/21 07:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 14:59:30 | 00,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\windows\System32\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:F59BA980
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:05D195EC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B4AF47A7
< End of report >
 
OTL Extras logfile created on: 1/1/2010 2:29:41 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Medical Transcriptio\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 14.83 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 12.05 Gb Total Space | 6.73 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive E: | 1.98 Gb Total Space | 1.78 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTY-PC
Current User Name: Medical Transcriptio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB1E922-F4B0-480E-8720-C27517D0294F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{348278FF-99F4-48AD-BEA0-E0C3CAA7E9AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49A06CEE-B538-4282-9F99-65BD66AC12B0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{533F4BED-F47B-4675-B217-35F89EE178DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B6C7B26-38C0-4EF7-82EB-BE8CEAD3A622}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{5DC8ED4F-377F-4AEF-9E17-C0D6D4534CCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F70A375-3630-4D1B-9CDC-983F38EB0B98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68EB48DC-2456-438C-8F76-4EA51F2C240E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7EEAD12F-370C-4081-80EA-1BE0A426034B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDAF10BA-DF47-4A25-939D-3503C9D5F747}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C448D6DC-BF0C-40FA-8B88-91A4EE6D25BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB66F24E-52E2-4E83-9B70-36D3161747C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E51662BF-A0FA-40AD-9BBA-65C997F216DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F35CA1C7-E347-4766-82DD-25F6C4B39136}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEB2BF8E-6442-485B-B7C2-D4DD69F1E38F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0156CD0E-9E02-4550-8F22-6165CCBB8428}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{02D2C5F2-8AB1-4D0B-A1D8-559A92B9F475}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{0A285135-EBE5-4E61-8DCB-B88B821134A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11D5ED47-DE2A-428F-B21E-839E1417CD5B}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{141262CC-8CB2-466F-8ECC-8C709B67C78A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{29023DBD-7659-4B59-9AB4-C987F8DD2C15}" = protocol=6 | dir=out | app=system |
"{2CDCFF4F-3D23-471E-9EB3-DF60B4CE24E4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{2DFFABE4-77AF-4C88-B723-8848CE934B14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35802633-5850-4A6E-8E91-6F6F5382D5E4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3EF5830A-2F35-4874-8A03-ABE85E586E31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{530DE124-4BB6-474F-B8A9-85517BCD6536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1198686107\ee\aolsoftware.exe |
"{53453F01-2A81-44A8-9406-2C92358182AB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1198686107\ee\aolsoftware.exe |
"{5E41B9FC-B7F2-48F9-A00F-9AEDF0450EC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{616C5807-7959-4B3A-8C90-349A3EDC322C}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{61993283-B497-4AD1-ADDF-EB248457BD27}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{62C83358-9BB9-4E11-97DF-8970D59BFF99}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{6C28B361-3B61-4D6B-8DA0-E24E3036BEE9}" = protocol=6 | dir=out | app=system |
"{6D036330-6643-40AF-B665-2652E0A1D610}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6E66E9F7-9F8F-4439-BE4F-667A391873DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6E69A1CB-D0D9-4A3F-93D4-1F0E2CBFD31B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{7065B784-D1C7-4B62-ABE0-512D619E31DC}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{7A27B9B8-85EB-432F-AE58-0105679F58C4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{89F971EF-4E37-4F1C-81C5-432F5F5C981F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E4B0B7A-97FF-449C-8584-68F956E13F1B}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{92BCC00A-2A46-4E01-8342-56730C20CC7D}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{93508874-8B48-4DBC-8864-46FDAA788D12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D9C16FC-79CA-4E33-AA09-D031CB02DC47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A191B507-B45F-4A27-8543-207B0B619FF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A2DEC7BE-8A97-401C-8405-83739E8D1CC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A34D7E37-55BF-43E9-A669-0FCF1D32CF27}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A35F9037-BEF2-4E2E-B010-1E7C28592FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAFAA501-F3C9-4AC9-B517-23FC031E1C18}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B02A473B-54CD-4857-9D21-C9CDDFEA067E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B17507A1-ADD1-4644-96D3-1645AAD4771F}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{B41D98EE-755E-4AA7-98E2-A8F6539D2447}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B4DFF210-C92D-4826-99CB-F18FD84C382C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{C53C5407-4BCD-4357-BDB0-960193C6CE71}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C624126B-2D69-46EA-A0DD-8AFF2131FDDF}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmapp.exe |
"{E11D420D-A29C-402E-B3C6-55E0C89A168C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E5FF7EC2-6D6D-4727-8A2C-B8084373FAB5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8988E5E-A1F3-4984-A9A1-C7F77BD04164}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6DA0374-A36E-4AF1-8B4E-A3013DD7A8A2}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{F813AE5F-6BEE-4626-831F-1F7ED7BD4351}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{F920459C-5DD3-4C13-9428-780AACB15D62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD98328D-33D7-4946-A6E5-C1C85BDA53F1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{0D5882AB-41B7-472F-80BE-E8CBA8E7B3F3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2540D378-F249-4AA5-BDDA-1A7821C2A876}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{90C6F8C0-C84B-4263-8AD0-E8BCE1B1BD37}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A3554BE4-4C78-4040-9CE9-44908690306D}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{AD5C1B61-8421-4B33-AC1F-71899EC0505D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{B3BE6535-6BCB-4CA3-A3D9-F8CCA89B92B8}C:\program files\zapu\zapu accelerator\webseed_dl.exe" = protocol=6 | dir=in | app=c:\program files\zapu\zapu accelerator\webseed_dl.exe |
"TCP Query User{BAC9A91A-9542-4255-8BB5-21D58FDE112E}C:\program files\zapu\zapu accelerator\wdivi.exe" = protocol=6 | dir=in | app=c:\program files\zapu\zapu accelerator\wdivi.exe |
"TCP Query User{C2EC5093-E7B9-43C4-A203-9B6A82EAD0E7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D566E1FD-E5AB-4C2B-8B6C-4C2A49983AB8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{E299E0B6-D858-45CC-9B39-5CF89E8DECAA}C:\program files\windows media components\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{2C517A6A-E168-4EC9-A93B-3FB3CE717A9B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{7E36F5D2-B352-499F-BE9E-CF1BF5B212D8}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{91335E6E-5E1F-4A10-B73E-D13B650BDAD9}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{936B51F2-A5D2-453A-9241-BB8369B7C7A6}C:\program files\zapu\zapu accelerator\webseed_dl.exe" = protocol=17 | dir=in | app=c:\program files\zapu\zapu accelerator\webseed_dl.exe |
"UDP Query User{B7F8C825-6D3B-4375-8831-155ADFA44870}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C4079358-967E-408E-8B08-8D0EEFE5E2D1}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{CAB28921-5A67-4A79-A3CF-6A19414C3639}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{CEAC6E35-4E59-4F44-9EFB-1F02838EDD47}C:\program files\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{E56651E3-C2DA-46CB-821B-18EBF658EC1F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{FD988102-3070-4B6A-8073-871D2F0652F6}C:\program files\zapu\zapu accelerator\wdivi.exe" = protocol=17 | dir=in | app=c:\program files\zapu\zapu accelerator\wdivi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C8646E4-DC54-4E6D-95EA-C3524B09223E}" = Ready Reference Bookshelf
"{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help
"{2AD74810-E122-4D37-9CE8-EC4BF9A065CC}" = Drive Encryption for HP ProtectTools
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE7A046-E66F-49B8-93C9-21378D9B0F24}" = Cisco Network Magic
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.14.1
"{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7AA60EDE-3CF6-4F15-9F69-37E415620E3B}" = Pinnacle Mobile Media Converter
"{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7EB6E297-9F68-449B-BE88-48B1AE275CF0}" = Natalie Brooks: The Treasures of the Lost Kingdom
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89D3EF5A-C9F4-44D1-B4F7-1B99D5D4F2D0}" = PH Science Explorer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B1F92C4-4358-4B76-8631-0A768A34F0A1}" = Quick Look Electronic Drug Reference 2007
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40DCEFF-9B7B-4c36-B4FA-6CE7EABFB4B8}" = K5400
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{e6376152-2c26-404c-a704-64cdf3600738}" = Nero 9
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}" = Embedded Security for HP ProtectTools
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FA0CE30A-B8EF-4b6b-85BF-D2B2C354A32C}" = ProductContext
"{FB5CB59C-D4F6-4303-A414-83D533EE773B}" = Pure Networks Platform
"{FBA70FCC-BD23-4120-BA30-3E0DDF66AE82}" = 5300_5400_Readme
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Beginning Medical Transcription 2nd edition_is1" = Beginning Medical Transcription Version 2nd edition version 1.1
"Beginning Medical Transcription_is1" = Beginning Medical Transcription Version 2.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DVDx_is1" = DVDx
"Fiddler2" = Fiddler2
"Free Realms Installer" = Free Realms Installer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ImTOO MOV Converter" = ImTOO MOV Converter
"Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.50
"MediaCoder" = MediaCoder 0.6.0
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MostFun.com Games - Natalie Brooks: The Treasures of the Lost Kingdom" = MostFun.com Games - Natalie Brooks: The Treasures of the Lost Kingdom (remove only)
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Network MagicUninstall" = Network Magic
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"PROR" = Microsoft Office Professional 2007
"PROSetDX" = Intel(R) PRO Network Connections 12.1.14.1
"Rosetta Stone 2.1.5.1A" = Rosetta Stone 2.1.5.1A
"SoundTap" = SoundTap
"Super Collapse! II" = Super Collapse! II
"The AAMT Book of Style Electronic 2E" = The AAMT Book of Style Electronic 2E 1.0
"ToolBox" = NCH Toolbox Uninstall
"Uninstaller_B4D93000_Quick Look Electronic Drug Reference 2007" = Quick Look Electronic Drug Reference 2007 (Shared Components)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Again, sorry for the delay. Not sure why I didn't get any email notifications. Will check on that.

I'm thinking we have a pretty nasty rootkit running here. Let's try this next step.

Remove/delete any versions of combofix you had downloaded and download a fresh copy, following the instructions given to rename it first before downloading.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download.


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    -Tools->Options->Main tab
    -Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif


CF_download_rename.gif


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts. Close all other windows/browsers first.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do Not run combofix more than once. If you have problems please post back for further instructions.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.
 
Thanks for getting back to me. :) I appreciate the help!

So, I ran Combo-fix and it seemed to find several things. It said that it fixed them and ran *almost* to the end of the program. BUT when the time came to compile the log the computer rebooted itself.

The good news is when I tried to rerun combo-fix spy bot popped up with a warning window. SpyBot hasn't been able to run up until now........

Not sure on what to do next.......
 