Malware Infection

[DaReelDeel]

My Spybot S&D is showing that I have been infected with Win32.agent.ieu

Here is the DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Darlin at 13:40:46.40 on 12/07/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1478 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Eropea.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Darlin\Downloads\dds.scr
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uSearch Page =
uSearch Bar =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\darlin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [pacqwen] rundll32 "c:\users\darlin\appdata\roaming\nb-NOM.dll",UDPNTWWWQJ
uRun: [JDK5SWFMZY] c:\users\darlin\appdata\local\temp\Ez1.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PopRock] c:\users\darlin\appdata\local\temp\a.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
StartupFolder: c:\users\darlin\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\darlin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\darlin\appdata\roaming\microsoft\windows\start menu\programs\startup\wwwxbv32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files\xmlbar\youku downloader\YoukuDownloader(xmlbar).exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\rogers online protection\rogers servicepoint agent\nprpspa.dll
FF - plugin: c:\users\darlin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca2cdcaf95cfe9;Google Update Service (gupdate1ca2cdcaf95cfe9);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-12 16:25:33 0 d-----w- c:\program files\Safer Networking
2010-07-12 13:25:28 8 ----a-w- c:\users\darlin\appdata\roaming\vdnxlf.dat
2010-07-12 13:25:24 4 ----a-w- c:\users\darlin\appdata\roaming\avdrn.dat
2010-07-12 03:08:05 255227926 ----a-w- c:\windows\MEMORY.DMP
2010-07-12 01:05:43 0 d-----w- c:\program files\CCleaner
2010-07-11 23:58:21 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-11 23:54:59 0 d-----w- c:\program files\TweetDeck
2010-07-11 21:46:31 88 ----a-w- c:\windows\wininit.ini
2010-07-11 21:16:36 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-11 21:16:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-11 20:03:40 206336 ----a-w- c:\windows\Eropea.exe
2010-07-11 18:14:26 0 d-sh--w- c:\programdata\SMACCEEAV
2010-07-10 03:20:48 88576 --sha-r- c:\users\darlin\appdata\roaming\nb-NOM.dll
2010-07-01 03:07:30 0 d-----w- c:\users\darlin\dwhelper
2010-06-23 16:25:13 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:25:13 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:25:13 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:25:13 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:25:13 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 23:32:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 23:32:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-20 19:29:53 0 d-----w- c:\program files\iPod
2010-06-20 19:29:48 0 d-----w- c:\program files\iTunes
2010-06-20 19:24:01 0 d-----w- c:\program files\Bonjour
2010-06-14 17:32:43 0 d-----w- c:\programdata\LightScribe

==================== Find3M ====================

2010-07-12 17:29:44 31966 ----a-w- c:\programdata\nvModes.dat
2010-06-25 15:20:20 62236 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-25 15:20:20 19286 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-20 19:25:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-20 19:25:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-20 19:25:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 02:15:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-28 14:25:59 97420 ----a-w- c:\windows\fonts\leelawdb.ttf
2010-04-27 21:28:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2008-08-11 10:55:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-08-11 10:55:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-08-11 10:55:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-08-11 10:55:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-10 23:05:08 59232800 --sha-w- c:\windows\system32\drivers\fidbox.dat
2008-08-11 10:58:25 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:42:56.27 ===============

[ken545]

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

You do have some issue going on , the infections you picked up are most likely from using programs like Limewire Read this please
http://forums.spybot.info/showthread.php?t=282

Its advisable to remove Limewire via Programs and Features in the Control Panel.





Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

[DaReelDeel]

Thank you for helping me. I uninstalled Limewire. I ran combofix. I have attached the requested ComboFix.txt file. Hope to hear from you soon.

ComboFix 10-07-16.01 - Darlin 17/07/2010 20:53:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1866 [GMT -4:00]
Running from: c:\users\Darlin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Bhing or J.A\.COMMgr
c:\users\Darlin\AppData\Local\{108057BE-9388-4000-ABFC-367BF24447FD}
c:\users\Darlin\AppData\Local\{108057BE-9388-4000-ABFC-367BF24447FD}\chrome.manifest
c:\users\Darlin\AppData\Local\{108057BE-9388-4000-ABFC-367BF24447FD}\chrome\content\_cfg.js
c:\users\Darlin\AppData\Local\{108057BE-9388-4000-ABFC-367BF24447FD}\chrome\content\overlay.xul
c:\users\Darlin\AppData\Local\{108057BE-9388-4000-ABFC-367BF24447FD}\install.rdf
c:\users\Darlin\AppData\Roaming\avdrn.dat
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwxbv32.exe
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 01:04 . 2010-07-18 01:04 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-07-18 01:04 . 2010-07-18 01:04 -------- d-----w- c:\users\TEMP.Darlin-PC\AppData\Local\temp
2010-07-18 01:04 . 2010-07-18 01:04 -------- d-----w- c:\users\TEMP.Darlin-PC.000\AppData\Local\temp
2010-07-18 01:04 . 2010-07-18 01:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-18 01:04 . 2010-07-18 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-18 01:04 . 2010-07-18 01:04 -------- d-----w- c:\users\Bhing or J.A\AppData\Local\temp
2010-07-12 16:25 . 2010-07-12 16:25 -------- d-----w- c:\program files\Safer Networking
2010-07-12 13:25 . 2010-07-12 13:25 -------- d-----w- c:\windows\Sun
2010-07-12 01:05 . 2010-07-12 01:05 -------- d-----w- c:\program files\CCleaner
2010-07-11 23:54 . 2010-07-11 23:54 -------- d-----w- c:\program files\TweetDeck
2010-07-11 21:16 . 2010-07-12 01:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-11 21:16 . 2010-07-11 21:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-11 18:14 . 2010-07-11 18:14 -------- d-sh--w- c:\programdata\SMACCEEAV
2010-07-10 03:20 . 2010-07-10 03:20 88576 --sha-r- c:\users\Darlin\AppData\Roaming\nb-NOM.dll
2010-07-01 03:07 . 2010-07-01 03:07 -------- d-----w- c:\users\Darlin\dwhelper
2010-06-29 20:36 . 2010-06-14 16:08 103424 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-06-29 20:36 . 2010-06-14 16:08 4687872 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-06-29 20:36 . 2010-06-14 16:08 545280 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-06-29 20:36 . 2010-06-14 16:08 4687360 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-06-29 20:36 . 2010-06-14 16:08 425984 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-06-29 20:36 . 2010-06-14 16:08 152064 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-06-29 20:36 . 2010-06-14 16:08 57856 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-23 16:25 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:25 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:25 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:25 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:25 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 23:32 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-22 23:32 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-20 19:29 . 2010-06-20 19:29 -------- d-----w- c:\program files\iPod
2010-06-20 19:29 . 2010-06-20 19:31 -------- d-----w- c:\program files\iTunes
2010-06-20 19:24 . 2010-06-20 19:24 -------- d-----w- c:\program files\Bonjour
2010-06-20 19:20 . 2010-06-20 19:20 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 00:48 . 2009-08-21 23:44 -------- d-----w- c:\users\Darlin\AppData\Roaming\LimeWire
2010-07-18 00:44 . 2009-08-21 23:40 -------- d-----w- c:\program files\LimeWire
2010-07-18 00:38 . 2009-09-05 23:39 48670 ----a-w- c:\programdata\nvModes.dat
2010-07-18 00:36 . 2008-08-11 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-15 14:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 02:07 . 2009-08-14 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-12 13:25 . 2010-07-12 13:25 8 ----a-w- c:\users\Darlin\AppData\Roaming\vdnxlf.dat
2010-07-12 02:07 . 2009-08-24 20:51 1356 ----a-w- c:\users\Darlin\AppData\Local\d3d9caps.dat
2010-07-11 17:54 . 2009-12-30 23:37 -------- d-----w- c:\users\Darlin\AppData\Roaming\vlc
2010-06-25 15:20 . 2008-08-11 10:56 62236 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-25 15:20 . 2008-08-11 10:56 19286 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-25 15:15 . 2009-08-24 21:08 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 17:56 . 2009-08-22 01:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-20 19:29 . 2009-08-21 23:38 -------- d-----w- c:\program files\Common Files\Apple
2010-06-14 17:32 . 2010-06-14 17:32 -------- d-----w- c:\programdata\LightScribe
2010-06-11 17:22 . 2009-08-14 18:59 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 21:01 . 2009-08-21 22:23 77944 ----a-w- c:\users\Darlin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 17:24 . 2009-08-21 23:45 -------- d-----w- c:\users\Darlin\AppData\Roaming\Apple Computer
2010-06-08 17:24 . 2009-08-21 23:38 -------- d-----w- c:\programdata\Apple
2010-06-08 15:10 . 2009-12-02 20:45 -------- d-----w- c:\programdata\Norton
2010-06-05 17:27 . 2010-02-15 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 22:46 . 2010-06-02 22:28 -------- d-----w- c:\users\Darlin\AppData\Roaming\BitComet
2010-06-01 17:37 . 2009-10-03 03:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-10 18:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 18:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 01:16 . 2010-05-16 01:16 101376 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2010-05-16 01:16 . 2010-05-16 01:16 52224 ----a-w- c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-05-04 19:15 . 2010-06-10 18:58 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 18:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-10 18:57 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 02:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-23 14:13 . 2010-05-25 23:39 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-10 23:05 . 2009-10-03 04:02 59232800 --sha-w- c:\windows\System32\drivers\fidbox.dat
2008-08-11 10:58 . 2008-08-11 10:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Google Update"="c:\users\Darlin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"pacqwen"="c:\users\Darlin\AppData\Roaming\nb-NOM.dll" [2010-07-10 88576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-05 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Darlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2f,48,75,21,55,e6,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca2cdcaf95cfe9;Google Update Service (gupdate1ca2cdcaf95cfe9);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 21:21]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 21:22]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 21:22]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1042238982-2704989617-889929576-1000Core.job
- c:\users\Darlin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-21 23:27]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1042238982-2704989617-889929576-1000UA.job
- c:\users\Darlin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-21 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe
FF - ProfilePath - c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
FF - plugin: c:\users\Darlin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 21:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe??es ???????owser Search\uninstalSGPU.exe??r????????m??_????????6??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-17 21:09:19
ComboFix-quarantined-files.txt 2010-07-18 01:09

Pre-Run: 140,048,392,192 bytes free
Post-Run: 139,231,453,184 bytes free

- - End Of File - - C82E3F144D9A2D17DDCE6BB5455E7A83

[ken545]

Hi,

Please just copy and paste the reports into this thread , its easier for me to see and analyze.

CF logs are quite intense, just looking it over quickly it looks fairly good, what I would like you to do is to run both these programs and post the log for Malwarebytes, then reboot and run DDS and post a new DDS log please

Remember with Vista you may have to right click the program and select RUN AS ADMINISTRATOR


Please download ATF Cleaner by Atribune to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




Please download Malwarebytes from Here or Here

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

[DaReelDeel]

I ran ATF Cleaner and the Malwarebytes' scan. Here is the log.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18/07/2010 12:56:17 PM
mbam-log-2010-07-18 (12-56-17).txt

Scan type: Quick scan
Objects scanned: 161010
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\00412209 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

_________________________________________________________________

Here is the new DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Darlin at 13:10:18.48 on 18/07/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1579 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Darlin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Darlin\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\darlin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [pacqwen] rundll32 "c:\users\darlin\appdata\roaming\nb-NOM.dll",UDPNTWWWQJ
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [JDK5SWFMZY] c:\users\darlin\appdata\local\temp\Ez1.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
StartupFolder: c:\users\darlin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files\xmlbar\youku downloader\YoukuDownloader(xmlbar).exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\rogers online protection\rogers servicepoint agent\nprpspa.dll
FF - plugin: c:\users\darlin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\darlin\appdata\roaming\mozilla\firefox\profiles\15fd17a9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca2cdcaf95cfe9;Google Update Service (gupdate1ca2cdcaf95cfe9);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-18 16:48:42 0 d-----w- c:\users\darlin\appdata\roaming\Malwarebytes
2010-07-18 16:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 16:48:31 0 d-----w- c:\programdata\Malwarebytes
2010-07-18 16:48:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 16:48:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 01:09:24 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-18 00:50:15 98816 ----a-w- c:\windows\sed.exe
2010-07-18 00:50:15 77312 ----a-w- c:\windows\MBR.exe
2010-07-18 00:50:15 256512 ----a-w- c:\windows\PEV.exe
2010-07-18 00:50:15 161792 ----a-w- c:\windows\SWREG.exe
2010-07-18 00:50:07 0 d-----w- C:\ComboFix
2010-07-12 16:25:33 0 d-----w- c:\program files\Safer Networking
2010-07-12 13:25:28 8 ----a-w- c:\users\darlin\appdata\roaming\vdnxlf.dat
2010-07-12 03:08:05 255227926 ----a-w- c:\windows\MEMORY.DMP
2010-07-12 01:05:43 0 d-----w- c:\program files\CCleaner
2010-07-11 23:54:59 0 d-----w- c:\program files\TweetDeck
2010-07-11 21:46:31 88 ----a-w- c:\windows\wininit.ini
2010-07-11 21:16:36 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-11 21:16:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-11 18:14:26 0 d-sh--w- c:\programdata\SMACCEEAV
2010-07-10 03:20:48 88576 --sha-r- c:\users\darlin\appdata\roaming\nb-NOM.dll
2010-07-01 03:07:30 0 d-----w- c:\users\darlin\dwhelper
2010-06-23 16:25:13 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:25:13 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:25:13 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:25:13 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:25:13 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 23:32:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 23:32:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-20 19:29:53 0 d-----w- c:\program files\iPod
2010-06-20 19:29:48 0 d-----w- c:\program files\iTunes
2010-06-20 19:24:01 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-07-18 17:02:42 48670 ----a-w- c:\programdata\nvModes.dat
2010-06-25 15:20:20 62236 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-25 15:20:20 19286 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-20 19:25:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-20 19:25:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-20 19:25:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 02:15:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-28 14:25:59 97420 ----a-w- c:\windows\fonts\leelawdb.ttf
2010-04-27 21:28:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2008-08-11 10:55:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-08-11 10:55:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-08-11 10:55:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-08-11 10:55:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-10 23:05:08 59232800 --sha-w- c:\windows\system32\drivers\fidbox.dat
2008-08-11 10:58:25 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:12:01.78 ===============

Thanks again for your help. Hope to hear from you soon.

[ken545]

Hello,

You still have some things going on, lets do this, make sure you follow the instructions in the picture to check and uncheck whats shown

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[DaReelDeel]

Hi! I had a problem with the GMER Rookit Scanner. I unzipped gmer.exe to my desktop and started the scan. The scan stops and an error message popped up. I tried again, and then my laptop shut down.

[ken545]

OK, GMER sometimes acts differently on some systems,

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scan box paste this in
  
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  symmpi.sys
  adp3132.sys
  mv61xx.sys
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

[DaReelDeel]

Hi again! I ran OTL and only one .txt file popped up. Here is the OTL.txt log, but I couldn't find the Extras.txt file.


OTL logfile created on: 19/07/2010 1:07:16 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Darlin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.54 Gb Total Space | 130.92 Gb Free Space | 58.57% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.70 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARLIN-PC
Current User Name: Darlin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Darlin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Darlin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\DRIVERS\rp_skt32.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Darlin\AppData\Local\Temp\catchme.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\WINDOWS\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\WINDOWS\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Labtec Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/11 16:51:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/09 19:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/09 19:03:01 | 000,000,000 | ---D | M]

[2010/03/17 16:27:38 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Extensions
[2009/08/21 19:44:39 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/09 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions
[2010/06/16 15:38:47 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/04/27 17:10:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 20:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/18 20:51:56 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/05/25 20:18:05 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/03/28 14:09:55 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/03/18 21:34:21 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/03/18 21:01:38 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/06/08 11:09:24 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/04/19 12:34:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/30 22:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/05/10 10:13:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/18 21:34:21 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/06/02 19:11:22 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/12 10:07:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/15 21:16:08 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/03/18 20:51:55 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/29 16:37:12 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/04/15 10:12:43 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\FirefoxAddon@similarWeb.com
[2010/03/18 21:39:06 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\googletube@googletube.com
[2010/03/18 20:51:55 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\illimitux@illimitux.net
[2010/04/12 10:07:29 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\isreaditlater@ideashower.com
[2010/04/14 10:14:52 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\personas@christopher.beard
[2010/06/29 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com
[2010/06/29 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\piclens@cooliris.com-trash
[2010/03/18 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\SkipScreen@SkipScreen
[2010/06/16 15:38:34 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\smarterwiki@wikiatic.com
[2010/07/04 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\unplug@compunach
[2010/06/16 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\videosurf_enhanced@videosurf.com
[2010/04/21 10:16:53 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\15fd17a9.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/03/05 15:29:29 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions
[2010/03/04 18:20:44 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/03/04 17:52:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/04 17:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/05 15:04:55 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010/03/04 17:52:58 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/03/04 18:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2010/03/04 18:20:43 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/03/04 17:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/03/04 18:20:43 | 000,000,000 | ---D | M] (QuickWiki) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}
[2010/03/04 17:52:58 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/03/04 18:20:44 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2010/03/04 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\FirefoxAddon@myfacebook.com
[2010/03/04 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\FirefoxAddon@similarWeb.com
[2010/03/04 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\firefox-extension@shareaholic.com
[2010/03/04 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\googletube@googletube.com
[2010/03/04 18:20:43 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\illimitux@illimitux.net
[2010/03/04 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\isreaditlater@ideashower.com
[2010/03/04 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\personas@christopher.beard
[2010/03/04 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\piclens@cooliris.com
[2010/03/04 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010/03/04 18:20:45 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/03/04 18:32:31 | 000,007,972 | ---- | M] () -- C:\Users\Darlin\AppData\Roaming\Mozilla\Firefox\Profiles\ky0tyjts.default\searchplugins\oneriot-social-web-search.xml
[2010/03/04 17:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/07/17 21:05:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\Darlin\AppData\Local\Temp\Ez1.exe File not found
O4 - HKCU..\Run: [pacqwen] C:\Users\Darlin\AppData\Roaming\nb-NOM.DLL ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Darlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run YoukuDownloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe File not found
O9 - Extra 'Tools' menuitem : Youku Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198 192.168.1.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darlin\Pictures\wild_shutterstock_8532871.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darlin\Pictures\wild_shutterstock_8532871.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 09:46:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/19 13:03:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Darlin\Desktop\OTL.exe
[2010/07/18 15:12:02 | 000,000,000 | ---D | C] -- C:\Users\Darlin\AppData\Local\Apple
[2010/07/18 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Darlin\AppData\Local\Adobe
[2010/07/18 13:28:51 | 000,000,000 | ---D | C] -- C:\Users\Darlin\AppData\Local\Apple Computer
[2010/07/18 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\Darlin\AppData\Roaming\Malwarebytes
[2010/07/18 12:48:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/18 12:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/18 12:48:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/18 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/17 21:09:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/17 21:09:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/17 20:50:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/17 20:50:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/17 20:50:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/17 20:50:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/17 20:50:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/17 20:49:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/17 20:49:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/12 12:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/07/12 09:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/11 21:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/11 19:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/07/11 17:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/11 17:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/11 14:14:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMACCEEAV
[2010/06/30 23:07:30 | 000,000,000 | ---D | C] -- C:\Users\Darlin\dwhelper
[2010/06/23 12:25:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/23 12:25:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/23 12:25:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/22 19:32:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/22 19:32:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/20 15:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 15:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[4 C:\Users\Darlin\Documents\*.tmp files -> C:\Users\Darlin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/19 13:08:35 | 008,126,464 | -HS- | M] () -- C:\Users\Darlin\ntuser.dat
[2010/07/19 13:03:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Darlin\Desktop\OTL.exe
[2010/07/19 13:02:54 | 000,018,171 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 5 Activity 2.docx
[2010/07/19 12:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 12:54:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/19 12:49:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1042238982-2704989617-889929576-1000UA.job
[2010/07/19 12:42:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 12:42:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 10:46:10 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/19 10:44:27 | 000,048,670 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/19 10:44:27 | 000,048,670 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/19 10:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/19 10:42:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 10:42:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/19 10:42:05 | 2951,024,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 10:42:04 | 266,659,862 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/18 22:11:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/18 22:11:32 | 000,524,288 | -HS- | M] () -- C:\Users\Darlin\ntuser.dat{222d7bbb-2541-11df-b6a1-001d7263ad85}.TMContainer00000000000000000001.regtrans-ms
[2010/07/18 22:11:32 | 000,065,536 | -HS- | M] () -- C:\Users\Darlin\ntuser.dat{222d7bbb-2541-11df-b6a1-001d7263ad85}.TM.blf
[2010/07/18 22:11:24 | 002,448,920 | -H-- | M] () -- C:\Users\Darlin\AppData\Local\IconCache.db
[2010/07/18 21:20:34 | 000,039,597 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 4 Activity 6.docx
[2010/07/18 17:49:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1042238982-2704989617-889929576-1000Core.job
[2010/07/18 13:28:45 | 000,002,255 | ---- | M] () -- C:\Users\Darlin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/18 12:48:34 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 21:05:16 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/17 21:05:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/15 21:42:33 | 000,016,231 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 4 Activity 2.docx
[2010/07/14 21:56:30 | 000,019,630 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 4 Activity 1.docx
[2010/07/13 22:15:38 | 000,023,396 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 3 Activity 3.docx
[2010/07/13 16:47:10 | 000,000,104 | ---- | M] () -- C:\Users\Darlin\Desktop\Recycle Bin - Shortcut.lnk
[2010/07/12 21:50:52 | 000,017,444 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 3 Activity 1.docx
[2010/07/12 13:52:59 | 000,006,105 | ---- | M] () -- C:\Users\Darlin\Documents\Attach.zip
[2010/07/12 09:25:29 | 000,000,008 | ---- | M] () -- C:\Users\Darlin\AppData\Roaming\vdnxlf.dat
[2010/07/11 22:07:45 | 000,001,356 | ---- | M] () -- C:\Users\Darlin\AppData\Local\d3d9caps.dat
[2010/07/11 21:56:48 | 000,013,944 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 2 Activity 7.docx
[2010/07/11 19:55:01 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/07/11 19:19:13 | 000,311,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/11 17:46:31 | 000,000,088 | ---- | M] () -- C:\Windows\wininit.ini
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-183614.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-183519.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-183518.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-183517.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-183516.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180651.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180650.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180647.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180645.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180643.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180642.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180641.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180616.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180615.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180614.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180613.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-180612.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174936.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174923.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174920.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174919.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174917.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174843.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174842.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174840.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174646.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174644.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-174627.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173902.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173617.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173616.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173615.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173608.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173607.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173606.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173605.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173604.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173603.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173602.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173601.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173557.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-173518.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-172944.backup
[2010/07/11 16:12:13 | 000,002,731 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-172848.backup
[2010/07/09 23:20:49 | 000,088,576 | RHS- | M] () -- C:\Users\Darlin\AppData\Roaming\nb-NOM.dll
[2010/07/08 00:38:14 | 000,019,441 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 2 Activity 3.docx
[2010/07/06 23:28:16 | 000,018,895 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 1 Activity 8.docx
[2010/07/06 21:59:03 | 000,012,800 | ---- | M] () -- C:\Users\Darlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 21:37:18 | 000,013,435 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 1 Activity 5.docx
[2010/07/04 20:35:36 | 000,020,474 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 1 Assignment 4.docx
[2010/07/02 23:37:59 | 000,015,047 | ---- | M] () -- C:\Users\Darlin\Documents\Unit 1 Assignment 1.docx
[2010/07/01 21:49:49 | 000,002,047 | ---- | M] () -- C:\Users\Darlin\Desktop\Google Chrome.lnk
[2010/07/01 21:49:49 | 000,002,009 | ---- | M] () -- C:\Users\Darlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/25 11:20:20 | 002,325,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/25 11:20:20 | 000,062,236 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/06/25 11:20:20 | 000,019,286 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/06/25 11:20:19 | 000,685,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/25 11:20:19 | 000,620,982 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/20 15:31:10 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Users\Darlin\Documents\*.tmp files -> C:\Users\Darlin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/19 13:02:53 | 000,018,171 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 5 Activity 2.docx
[2010/07/18 21:20:20 | 000,039,597 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 4 Activity 6.docx
[2010/07/18 12:48:34 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 20:50:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/17 20:50:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/17 20:50:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/17 20:50:15 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/17 20:50:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/15 21:41:27 | 000,016,231 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 4 Activity 2.docx
[2010/07/14 18:31:52 | 000,019,630 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 4 Activity 1.docx
[2010/07/13 22:14:05 | 000,023,396 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 3 Activity 3.docx
[2010/07/13 16:47:10 | 000,000,104 | ---- | C] () -- C:\Users\Darlin\Desktop\Recycle Bin - Shortcut.lnk
[2010/07/12 17:29:08 | 000,017,444 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 3 Activity 1.docx
[2010/07/12 13:52:59 | 000,006,105 | ---- | C] () -- C:\Users\Darlin\Documents\Attach.zip
[2010/07/12 09:25:28 | 000,000,008 | ---- | C] () -- C:\Users\Darlin\AppData\Roaming\vdnxlf.dat
[2010/07/11 23:08:05 | 266,659,862 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/11 22:13:06 | 2951,024,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/11 21:12:54 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/07/11 21:12:54 | 000,001,111 | ---- | C] () -- C:\Users\Darlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/07/11 21:07:22 | 000,013,944 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 2 Activity 7.docx
[2010/07/11 17:46:31 | 000,000,088 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/09 23:20:48 | 000,088,576 | RHS- | C] () -- C:\Users\Darlin\AppData\Roaming\nb-NOM.dll
[2010/07/08 00:08:30 | 000,019,441 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 2 Activity 3.docx
[2010/07/06 23:28:16 | 000,018,895 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 1 Activity 8.docx
[2010/07/06 21:37:17 | 000,013,435 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 1 Activity 5.docx
[2010/07/04 20:35:24 | 000,020,474 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 1 Assignment 4.docx
[2010/07/02 23:37:58 | 000,015,047 | ---- | C] () -- C:\Users\Darlin\Documents\Unit 1 Assignment 1.docx
[2010/06/20 18:55:00 | 000,002,255 | ---- | C] () -- C:\Users\Darlin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/06/20 15:31:10 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/17 16:23:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/01/20 22:24:38 | 000,033,794 | ---- | C] () -- C:\Windows\System32\unelwin.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/01/19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2010/06/02 18:46:13 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\BitComet
[2009/10/09 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\iWin
[2010/07/17 20:48:54 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\LimeWire
[2010/06/08 13:18:41 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Opera
[2009/10/10 23:06:18 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\PlayFirst
[2010/03/10 18:32:47 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Rogers Online Protection
[2009/10/17 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\Template
[2009/08/21 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/11/30 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/09/05 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Darlin\AppData\Roaming\WildTangent
[2010/07/18 22:11:38 | 000,032,644 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

========== Files - Unicode (All) ==========
[2009/10/02 23:23:37 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?????????????????????????????????????????????????) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/10/02 23:23:37 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?????????????????????????????????????????????????) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
< End of report >

[ken545]

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\Darlin\AppData\Local\Temp\Ez1.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )