I've got an infected computer. I've have been following the "cleaning guide" steps and I believed I deleted all the infections with Malwarebytes, but it didnt work. I have the log attached to this topic to show you what I mean. The Malwarbytes program now closes after a few seconds into another scan. Then it gives me an error saying that it can't access the file when i try to open Malwarebytes again. Also RootRepeal won't run. I get an error that says (FOPS - DeviceIocontrol Error! Error Code = 0xc0000024. The OTL program however ran without any error messages. Any suggestions?

OTL logfile created on: 11/5/2009 1:47:53 AM - Run 1
OTL by OldTimer - Version 3.1.3.4 Folder = H:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.20% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 84.84 Gb Total Space | 24.44 Gb Free Space | 28.80% Space Free | Partition Type: NTFS
Drive D: | 93.16 Gb Total Space | 6.00 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
Drive E: | 7.27 Gb Total Space | 0.73 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1.05 Gb Total Space | 1.02 Gb Free Space | 96.94% Space Free | Partition Type: NTFS
Drive H: | 968.23 Mb Total Space | 778.17 Mb Free Space | 80.37% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DPURDY2-PC
Current User Name: DPurdy2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/05 22:36:04 | 00,527,872 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2009/11/03 09:53:37 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/28 08:42:08 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:42:04 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 08:41:57 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/02 23:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 19:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 19:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/07/13 19:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:24 | 00,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/13 19:14:19 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/02/09 23:53:51 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/12/02 11:02:40 | 05,668,864 | ---- | M] (Noteburner.com) -- C:\Program Files\NoteBurner\VTBurnerGUI.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/18 14:03:32 | 00,790,032 | ---- | M] (BluePenguin Software Inc.) -- C:\Program Files\SpyZooka\spyzooka.exe
PRC - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/12/19 18:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 18:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 18:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/12/05 15:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/07/16 11:04:40 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/05/16 08:43:04 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/03/20 16:23:40 | 01,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/03/09 11:50:02 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/01 14:18:36 | 00,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/01/10 17:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/30 20:59:14 | 00,505,520 | ---- | M] (Symantec Corporation) -- C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
PRC - [2006/10/09 14:43:44 | 00,729,088 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2005/10/07 19:01:52 | 03,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe
PRC - [2005/05/07 19:07:42 | 00,406,016 | ---- | M] () -- C:\Program Files\SubliminalEzy\SubLiminalEzy.exe


========== Modules (SafeList) ==========

MOD - [2009/11/05 22:36:04 | 00,527,872 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2009/07/13 19:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/08/28 08:42:02 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 08:41:57 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/13 19:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2009/07/13 19:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 19:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 19:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 19:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/10 15:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/06/10 15:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/04/22 17:46:06 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/12/19 18:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc)
SRV - [2007/12/19 18:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched)
SRV - [2007/12/05 15:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/03/05 08:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/17 08:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 10:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/25 15:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/05 00:03:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/05 00:03:08 | 00,000,000 | ---D | M]

[2009/11/05 00:05:18 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Extensions
[2009/11/05 00:05:18 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/05 18:00:01 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Firefox\Profiles\29pbjrkc.default\extensions
[2009/11/05 18:00:01 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Firefox\Profiles\29pbjrkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 00:03:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/05 00:03:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/16 14:08:14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/16 14:08:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/16 14:08:16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/16 11:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 11:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 11:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 11:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 11:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 11:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 11:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe (Noteburner.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WheelMouse] C:\Mouse Suite v1.2\wh_exec.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [PopRock] C:\Users\DPurdy2\AppData\Local\Temp\a.exe File not found
O4 - HKCU..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe (BluePenguin Software Inc.)
O4 - HKCU..\Run: [SubliminalEzy] C:\Program Files\SubliminalEzy\SubLiminalEzy.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - C:\Program Files\SpyZooka\spyguard.dll (BluePenguin Software Inc.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/02/28 19:31:57 | 00,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 00,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [1999/12/12 01:00:00 | 00,000,045 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 20:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/05 01:27:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/05 01:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/05 00:03:24 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla
[2009/11/05 00:03:24 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Local\Mozilla
[2009/11/05 00:03:06 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/25 18:06:49 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/10/25 17:44:14 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/10/25 17:28:44 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/10/25 16:36:51 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Local\Diagnostics
[2009/10/25 16:23:51 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Templates
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Start Menu
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\SendTo
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Recent
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\PrintHood
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\NetHood
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Documents\My Videos
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Documents\My Pictures
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Documents\My Music
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\My Documents
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Local Settings
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Cookies
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\Application Data
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\AppData\Local\Temporary Internet Files
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\AppData\Local\History
[2009/10/25 15:13:27 | 00,000,000 | -HSD | C] -- C:\Users\DPurdy2\AppData\Local\Application Data
[2009/10/25 15:13:26 | 00,000,000 | --SD | C] -- C:\Users\DPurdy2\AppData\Roaming\Microsoft
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Videos
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Saved Games
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Pictures
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Music
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Links
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Favorites
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Downloads
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Documents
[2009/10/25 15:13:26 | 00,000,000 | R--D | C] -- C:\Users\DPurdy2\Desktop
[2009/10/25 15:13:26 | 00,000,000 | -H-D | C] -- C:\Users\DPurdy2\AppData
[2009/10/25 15:13:26 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Roaming\Media Center Programs
[2009/10/25 15:13:26 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Local\Temp
[2009/10/25 15:13:26 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Local\Microsoft
[2009/10/25 15:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2009/10/25 15:11:25 | 00,000,000 | ---D | C] -- C:\Program Files\Motorola
[2009/10/25 15:11:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/10/25 15:09:40 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/10/25 01:28:26 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[4 C:\Users\DPurdy2\Documents\*.tmp files -> C:\Users\DPurdy2\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/05 21:14:49 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/05 18:30:20 | 44,732,738 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/05 18:30:20 | 00,086,225 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/05 01:50:05 | 03,670,016 | -HS- | M] () -- C:\Users\DPurdy2\NTUSER.DAT
[2009/11/05 01:47:10 | 00,000,000 | ---- | M] () -- C:\Users\DPurdy2\Desktop\settings.dat
[2009/11/05 01:42:59 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/05 01:42:59 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/05 01:42:59 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/05 01:42:38 | 00,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 01:42:38 | 00,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 01:35:57 | 00,000,247 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/11/05 01:34:48 | 00,000,290 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/11/05 01:33:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/05 01:33:55 | 00,135,895 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/05 01:33:55 | 00,135,895 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/05 01:33:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/05 01:33:51 | 00,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2009/11/05 01:33:48 | 16,093,75744 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 01:32:50 | 01,297,934 | -H-- | M] () -- C:\Users\DPurdy2\AppData\Local\IconCache.db
[2009/11/05 01:26:40 | 00,000,896 | ---- | M] () -- C:\Users\DPurdy2\Desktop\NTREGOPT.lnk
[2009/11/05 01:26:39 | 00,000,877 | ---- | M] () -- C:\Users\DPurdy2\Desktop\ERUNT.lnk
[2009/11/05 00:03:10 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/04 15:06:05 | 00,195,584 | ---- | M] () -- C:\Users\DPurdy2\Documents\gurnee_to_kenosha_emission.est
[2009/11/04 14:59:26 | 00,195,584 | ---- | M] () -- C:\Users\DPurdy2\Documents\5424 N 40th St, Milwaukee, WI 53209 to 624 Wildwood Rd, West Bend, WI 53090.est
[2009/10/31 19:23:09 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDPurdy2.job
[2009/10/27 10:18:34 | 00,418,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/25 18:06:36 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/10/25 16:47:12 | 00,326,601 | ---- | M] () -- C:\Users\DPurdy2\Desktop\W7_homegroup_pswrd.jpg
[2009/10/25 16:46:07 | 00,001,989 | ---- | M] () -- C:\Users\DPurdy2\Desktop\Remote Desktop Connection.lnk
[2009/10/25 16:25:37 | 00,113,136 | ---- | M] () -- C:\Users\DPurdy2\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/25 16:24:21 | 00,135,895 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/25 16:24:21 | 00,135,895 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/25 16:24:11 | 00,000,020 | -HS- | M] () -- C:\Users\DPurdy2\ntuser.ini
[2009/10/25 16:14:16 | 00,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/10/25 16:00:22 | 00,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/25 15:13:29 | 00,524,288 | -HS- | M] () -- C:\Users\DPurdy2\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/10/25 15:13:29 | 00,524,288 | -HS- | M] () -- C:\Users\DPurdy2\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/10/25 15:13:29 | 00,065,536 | -HS- | M] () -- C:\Users\DPurdy2\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/10/25 15:12:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2009/10/25 14:22:21 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 14:22:20 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 11:56:39 | 00,004,470 | ---- | M] () -- C:\Users\DPurdy2\Desktop\Windows Compatibility Report.htm
[2009/10/25 10:19:10 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/10/25 10:19:10 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/10/25 02:43:56 | 00,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/22 17:12:23 | 00,135,895 | ---- | M] () -- C:\Users\DPurdy2\AppData\Roaming\nvModes.001
[4 C:\Users\DPurdy2\Documents\*.tmp files -> C:\Users\DPurdy2\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 21:14:49 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/05 03:06:15 | 00,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/11/05 01:47:10 | 00,000,000 | ---- | C] () -- C:\Users\DPurdy2\Desktop\settings.dat
[2009/11/05 01:32:50 | 01,297,934 | -H-- | C] () -- C:\Users\DPurdy2\AppData\Local\IconCache.db
[2009/11/05 01:26:40 | 00,000,896 | ---- | C] () -- C:\Users\DPurdy2\Desktop\NTREGOPT.lnk
[2009/11/05 01:26:39 | 00,000,877 | ---- | C] () -- C:\Users\DPurdy2\Desktop\ERUNT.lnk
[2009/11/05 00:03:10 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/04 23:46:21 | 00,000,290 | -H-- | C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/11/04 15:00:04 | 00,195,584 | ---- | C] () -- C:\Users\DPurdy2\Documents\gurnee_to_kenosha_emission.est
[2009/11/02 01:28:31 | 00,195,584 | ---- | C] () -- C:\Users\DPurdy2\Documents\5424 N 40th St, Milwaukee, WI 53209 to 624 Wildwood Rd, West Bend, WI 53090.est
[2009/10/25 16:44:38 | 00,326,601 | ---- | C] () -- C:\Users\DPurdy2\Desktop\W7_homegroup_pswrd.jpg
[2009/10/25 16:25:37 | 00,113,136 | ---- | C] () -- C:\Users\DPurdy2\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/25 16:24:21 | 00,135,895 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/25 16:24:21 | 00,135,895 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/25 16:24:21 | 00,135,895 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/25 16:24:21 | 00,135,895 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/25 16:24:11 | 00,000,020 | -HS- | C] () -- C:\Users\DPurdy2\ntuser.ini
[2009/10/25 16:17:06 | 16,093,75744 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/25 16:00:22 | 00,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/25 15:13:27 | 00,524,288 | -HS- | C] () -- C:\Users\DPurdy2\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/10/25 15:13:27 | 00,524,288 | -HS- | C] () -- C:\Users\DPurdy2\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/10/25 15:13:27 | 00,065,536 | -HS- | C] () -- C:\Users\DPurdy2\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/10/25 15:13:26 | 03,670,016 | -HS- | C] () -- C:\Users\DPurdy2\NTUSER.DAT
[2009/10/25 15:12:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2009/10/25 15:11:58 | 00,009,504 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 15:11:58 | 00,009,504 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/25 14:08:05 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/10/24 23:41:28 | 00,004,470 | ---- | C] () -- C:\Users\DPurdy2\Desktop\Windows Compatibility Report.htm
[2009/10/24 22:34:22 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/10/24 22:34:22 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/09/11 13:37:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/04 20:51:22 | 00,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/13 22:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 22:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/13 20:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 17:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:32:54 | 00,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
[2009/07/13 17:32:54 | 00,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2009/06/10 22:40:23 | 00,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/03 18:33:49 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/03 18:33:48 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/19 15:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/12 20:36:38 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/26 17:46:40 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/28 19:28:44 | 00,000,035 | ---- | C] () -- C:\Windows\atechloc.ini
[2008/02/28 19:28:38 | 00,000,083 | ---- | C] () -- C:\Windows\atech.ini
[2007/12/19 22:19:24 | 00,000,614 | ---- | C] () -- C:\Users\DPurdy2\AppData\Roaming\wklnhst.dat
[2007/12/05 22:43:59 | 00,135,895 | ---- | C] () -- C:\Users\DPurdy2\AppData\Roaming\nvModes.001
[2007/12/04 18:56:53 | 00,135,895 | ---- | C] () -- C:\Users\DPurdy2\AppData\Roaming\nvModes.dat
[2007/07/12 16:41:36 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/27 14:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 00:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/03/09 15:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/04/25 18:38:20 | 00,006,885 | ---- | C] () -- C:\Windows\System32\drivers\whmice2k.sys
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Amazon
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Any DVD Converter Professional
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Any Video Converter
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Any Video Converter Professional
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Berlitz
[2009/10/25 15:45:39 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Day Trading Robot
[2009/10/25 15:46:06 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Memeo
[2009/10/25 15:46:19 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Notepad++
[2009/10/25 15:46:19 | 00,000,000 | RH-D | M] -- C:\Users\DPurdy2\AppData\Roaming\SecuROM
[2009/11/05 19:40:33 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Spyzooka
[2009/10/25 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Template
[2007/12/13 23:42:18 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Tunebite
[2009/10/25 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\uTorrent
[2009/10/25 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\WildTangent
[2009/11/05 01:33:56 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:53:46 | 00,004,884 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/05 01:34:48 | 00,000,290 | -H-- | M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[1999/11/02 10:58:56 | 00,021,504 | ---- | M] () MD5=EF9557A7A6483D4A7480792B87631602 -- C:\Program Files\PTG Interactive\bin_plug\perl\site\lib\auto\Win32\EventLog\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2009/07/13 19:15:06 | 00,061,952 | ---- | M] () MD5 -- C:\Windows\System32\cngaudit.dll
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >
[2009/07/13 19:15:06 | 00,061,952 | ---- | M] () MD5 -- C:\Windows\System32\logevent.dll

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 16:54:16 | 00,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/02/12 08:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SwSetup\Robson\Winall\Driver\iaStor.sys
[2007/02/12 08:37:22 | 00,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\SwSetup\Robson\Winall\Driver64\IaStor.sys
[2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_2d2ec4fd9937ddb4\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

This post has been edited by purdyd84: Nov 6 2009, 06:53 PM

hi

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   • Tools->Options->Main tab
   • Set to "Always ask me where to Save the files".
2. During the download, rename Combofix to Combo-Fix as follows:
   
   
   
   
   
   
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   -----------------------------------------------------------
   
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     
     -----------------------------------------------------------
   
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
   
   
   -----------------------------------------------------------
7. Double click on combo-Fix.exe & follow the prompts.
8. When finished, it will produce a report for you.
9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

hi i tried using combofix but all i see is a bar. Once the bar is filled I don't see any messages or anything else.

rename it to svchost.com

it run then ?

if not do this

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.exe
  %SYSTEMDRIVE%\eventlog.dll /s /md5
  %SYSTEMDRIVE%\scecli.dll /s /md5
  %SYSTEMDRIVE%\netlogon.dll /s /md5
  %SYSTEMDRIVE%\cngaudit.dll /s /md5
  %SYSTEMDRIVE%\sceclt.dll /s /md5
  %SYSTEMDRIVE%\ntelogon.dll /s /md5
  %SYSTEMDRIVE%\logevent.dll /s /md5
  %SYSTEMDRIVE%\iaStor.sys /s /md5
  %SYSTEMDRIVE%\nvstor.sys /s /md5
  %SYSTEMDRIVE%\atapi.sys /s /md5
  %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
  %SYSTEMDRIVE%\viasraid.sys /s /md5
  %SYSTEMDRIVE%\AGP440.sys /s /md5
  %SYSTEMDRIVE%\vaxscsi.sys /s /md5
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Renaming the file didnt help. It did the same thing as before. I uploaded the OTL.txt file

don't attach the logs please

1. Please download The Avenger by Swandog46 to your Desktop.

• Right click on the Avenger.zip folder and select "Extract All..."
• Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Here are the text files you requested.

Avenger.txt
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\win32k.sys" deleted successfully.
File move operation "C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll|C:\Windows\System32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.



Combo.txt
ComboFix 09-11-07.02 - DPurdy2 11/08/2009 2:18.1.2 - NTFSx86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1628 [GMT -6:00]
Running from: c:\users\DPurdy2\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2828154749-641327726-3508198756-500
c:\$recycle.bin\S-1-5-21-4174804050-457104618-2806555278-500
C:\bt.log
C:\cleanup.exe
c:\users\DPurdy2\Documents\ZbThumbnail.info
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\jestertb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 08:24 . 2009-11-08 08:29 4096 d-----w- c:\users\DPurdy2\AppData\Local\temp
2009-11-08 08:24 . 2009-11-08 08:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-08 08:11 . 2009-11-08 08:11 574 ----a-w- C:\cleanup.bat
2009-11-08 08:11 . 2009-11-08 08:11 135168 ----a-w- C:\zip.exe
2009-11-07 12:58 . 2009-11-07 13:59 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-11-05 08:29 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-05 08:29 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-05 07:26 . 2009-11-05 07:26 4096 d-----w- c:\program files\ERUNT
2009-11-05 06:03 . 2009-11-05 06:03 -------- d-----w- c:\users\DPurdy2\AppData\Local\Mozilla
2009-11-03 15:53 . 2009-10-08 22:42 3510552 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-10-27 05:04 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-26 18:01 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-26 18:01 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-26 18:01 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-26 18:01 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-26 18:01 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-26 18:01 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-10-26 18:01 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-26 18:01 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-26 18:01 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-26 18:01 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 00:06 . 2009-10-25 22:24 8192 d-----w- c:\windows\Panther
2009-10-25 23:44 . 2009-10-25 22:01 -------- d-----w- C:\$WINDOWS.~Q
2009-10-25 23:28 . 2009-10-25 23:36 -------- d-----w- C:\$INPLACE.~TR
2009-10-25 22:36 . 2009-10-25 22:36 -------- d-----w- c:\users\DPurdy2\AppData\Local\Diagnostics
2009-10-25 22:25 . 2009-10-25 22:25 113136 ----a-w- c:\users\DPurdy2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-25 22:23 . 2009-10-25 22:23 -------- d-----w- C:\Recovery
2009-10-25 22:23 . 2009-11-08 07:33 -------- d-----w- c:\windows\system32\wbem\Performance
2009-10-25 22:00 . 2009-10-25 22:00 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-25 21:49 . 2009-10-25 21:49 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2009-10-25 21:49 . 2009-10-25 21:49 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2009-10-25 21:12 . 2009-10-25 21:12 -------- d-----w- c:\program files\Synaptics
2009-10-25 21:12 . 2008-12-04 07:42 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-25 21:12 . 2008-12-04 07:42 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-25 21:12 . 2008-12-04 07:42 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-25 21:12 . 2008-12-04 07:42 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-25 21:11 . 2009-10-25 21:11 -------- d-----w- c:\program files\Motorola
2009-10-25 21:11 . 2009-10-25 21:11 -------- d-----w- c:\windows\system32\RTCOM
2009-10-25 08:24 . 2007-06-18 21:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-10-25 08:24 . 2006-11-02 11:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-10-25 08:07 . 2009-10-25 08:07 10134 ----a-r- c:\users\DPurdy2\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-10-21 00:27 . 2009-10-21 00:25 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-10-18 03:43 . 2009-10-18 03:43 2025752 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 03:14 . 2009-11-06 03:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-06 01:40 . 2009-01-04 23:14 8192 d-----w- c:\users\DPurdy2\AppData\Roaming\Spyzooka
2009-11-05 08:29 . 2009-06-11 22:23 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 06:06 . 2007-12-21 20:25 4096 d-----w- c:\users\DPurdy2\AppData\Roaming\Move Networks
2009-11-03 02:42 . 2009-10-03 00:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 22:24 . 2009-10-25 22:24 135895 ----a-w- c:\programdata\nvModes.dat
2009-10-25 21:46 . 2009-04-23 18:42 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\ZoomBrowser EX
2009-10-25 21:46 . 2008-11-21 04:52 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\Yahoo!
2009-10-25 21:46 . 2008-04-22 17:26 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\WildTangent
2009-10-25 21:46 . 2007-12-20 04:19 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\Template
2009-10-25 21:46 . 2007-12-09 06:22 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\uTorrent
2009-10-25 21:46 . 2008-08-03 23:00 -------- d--h--r- c:\users\DPurdy2\AppData\Roaming\SecuROM
2009-10-25 21:46 . 2008-05-22 03:17 4096 d-----w- c:\users\DPurdy2\AppData\Roaming\Notepad++
2009-10-25 21:46 . 2007-12-15 05:27 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\Roxio
2009-10-25 21:46 . 2009-09-05 03:05 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\Memeo
2009-10-25 21:46 . 2009-06-11 22:24 -------- d-----w- c:\users\DPurdy2\AppData\Roaming\Malwarebytes
2009-10-25 21:31 . 2009-09-12 20:15 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-25 21:31 . 2009-07-30 07:00 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-10-25 21:31 . 2007-12-02 05:58 4096 d-----w- c:\programdata\Yahoo! Companion
2009-10-25 21:31 . 2008-11-21 04:52 -------- d-----w- c:\programdata\Yahoo!
2009-10-25 21:31 . 2007-10-09 18:09 4096 d-----w- c:\programdata\WildTangent
2009-10-25 21:29 . 2007-10-09 18:09 -------- d-----w- c:\program files\Yahoo!
2009-10-25 21:27 . 2008-05-27 00:25 -------- d-----w- c:\program files\PROnetworks
2009-10-25 21:26 . 2009-02-26 22:10 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-25 21:26 . 2009-07-14 04:52 4096 d-----w- c:\program files\Microsoft Games
2009-10-25 21:26 . 2008-02-10 23:21 4096 d-----w- c:\program files\Microsoft Location Finder
2009-10-25 21:26 . 2009-03-08 19:24 -------- d-----w- c:\program files\Lotus Brokerage Services FX
2009-10-25 21:26 . 2007-10-09 18:38 4096 d-----w- c:\program files\Java
2009-10-25 21:26 . 2007-10-09 17:20 -------- d-----w- c:\program files\Intel
2009-10-25 21:26 . 2007-10-09 17:19 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 21:26 . 2007-10-09 18:22 -------- d-----w- c:\program files\HPQ
2009-10-25 21:25 . 2007-10-09 18:09 12288 d-----w- c:\program files\HP Games
2009-10-25 21:21 . 2007-10-09 17:55 4096 d-----w- c:\program files\HP
2009-10-25 21:20 . 2007-10-09 17:16 4096 d-----w- c:\program files\Hewlett-Packard
2009-10-25 21:17 . 2008-03-12 23:44 4096 d-----w- c:\program files\Google
2009-10-25 21:17 . 2007-12-02 05:57 8192 d-----w- c:\program files\DivX
2009-10-25 21:17 . 2007-10-09 18:07 -------- d-----w- c:\program files\earthlink totalaccess
2009-10-25 21:17 . 2008-04-13 03:33 4096 d-----w- c:\program files\cybershamanfree
2009-10-25 21:17 . 2009-05-06 04:55 4096 d-----w- c:\program files\Coupons
2009-10-25 21:17 . 2007-10-09 17:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-25 21:17 . 2007-10-09 17:38 4096 d-----w- c:\program files\Common Files\SureThing Shared
2009-10-25 21:17 . 2007-10-09 17:34 4096 d-----w- c:\program files\Common Files\Sonic Shared
2009-10-25 21:17 . 2007-10-09 17:34 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-10-25 21:15 . 2009-07-30 06:58 -------- d-----w- c:\program files\Bonjour
2009-10-25 21:15 . 2008-01-07 00:56 -------- d-----w- c:\program files\Berlitz
2009-10-25 21:15 . 2009-06-12 18:18 -------- d-----w- c:\program files\AVG
2009-10-25 21:15 . 2007-12-09 04:21 4096 d-----w- c:\program files\Audacity
2009-10-25 21:15 . 2008-10-16 04:10 4096 d-----w- c:\program files\Apple Software Update
2009-10-25 21:15 . 2009-04-23 19:33 4096 d-----w- c:\program files\Any Video Converter Professional
2009-10-25 21:15 . 2009-07-24 19:44 -------- d-----w- c:\program files\Amazon
2009-10-25 21:15 . 2008-11-18 05:40 4096 d-----w- c:\program files\AC3Filter
2009-10-25 21:12 . 2009-10-25 21:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-10-25 08:43 . 2007-10-24 06:28 1076 ----a-w- c:\windows\bthservsdp.dat
2009-10-25 07:35 . 2008-05-28 23:31 164880 ---ha-w- c:\users\DPurdy2\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2009-10-25 07:25 . 2009-09-05 02:53 -------- d-----w- c:\program files\Common Files\eSellerate
2009-10-15 20:00 . 2009-10-07 16:54 -------- d-----w- c:\program files\McGraw-Hill
2009-10-10 18:34 . 2007-12-05 00:56 135895 ----a-w- c:\users\DPurdy2\AppData\Roaming\nvModes.dat
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-18 08:10 . 2009-09-18 08:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-09-18 07:36 . 2009-09-18 07:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-09-18 07:36 . 2009-09-18 07:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-09-10 16:48 . 2009-10-23 17:06 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
2009-09-10 16:48 . 2009-10-23 17:06 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
2009-09-10 16:48 . 2009-10-23 17:06 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
2009-09-04 18:17 . 2009-09-04 18:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-02 05:29 . 2009-09-02 05:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 05:29 . 2009-09-02 05:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 05:29 . 2009-09-02 05:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 05:29 . 2009-09-02 05:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-09-02 05:29 . 2009-09-02 05:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 05:29 . 2009-09-02 05:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-08-28 14:42 . 2009-06-12 18:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 14:42 . 2009-06-12 18:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 14:42 . 2009-06-12 18:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 17:37 . 2009-08-17 17:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2009-08-17 17:37 . 2009-08-17 17:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2009-08-12 01:51 . 2009-10-23 17:06 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_RegistrationRecovery.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"SpyZooka"="c:\program files\SpyZooka\SpyZookaLdr.exe" [2008-08-16 60408]
"SubliminalEzy"="c:\program files\SubliminalEzy\SubLiminalEzy.exe" [2005-05-08 406016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2008-12-02 5668864]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"WheelMouse"="c:\mouses~1.2\wh_exec.exe" [2007-02-28 86016]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-16 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Philips Device Manager.lnk - c:\program files\Philips\GoGear Mix Device Manager\main.exe [2009-8-7 119296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~1\SpyZooka\spyguard.dll" [2005-05-08 173568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/12/2009 12:19 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/12/2009 12:19 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\program files\AVG\AVG8\avgwdsvc.exe [6/12/2009 12:18 PM 297752]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 3:18 PM 4231168]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\AVG\AVG8\avgemc.exe [6/12/2009 12:18 PM 908056]
S3 CamdDriverV32;CamdDriverV32;c:\windows\System32\drivers\CamdDriverV32.sys [12/8/2007 10:48 PM 23096]
S3 CamdVideo32;CamdVideo32;c:\windows\System32\drivers\CamdVideo32.sys [12/8/2007 10:48 PM 3768]
S3 MovRVDrv32;MovRVDrv32;c:\windows\System32\drivers\MovRVDrv32.sys [4/26/2008 10:11 PM 3768]
S3 MusCDriverV32;MusCDriverV32;c:\windows\System32\drivers\MusCDriverV32.sys [12/7/2007 8:21 PM 23096]
S3 MusCVideo32;MusCVideo32;c:\windows\System32\drivers\MusCVideo32.sys [12/7/2007 8:21 PM 3768]
S3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\System32\drivers\whmice2k.sys [4/25/2004 6:38 PM 6885]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\HPCeeScheduleForDPurdy2.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-10-09 21:23]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\DPurdy2\AppData\Roaming\Mozilla\Firefox\Profiles\29pbjrkc.default\
FF - plugin: c:\users\DPurdy2\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Subliminal Mind Power - c:\users\DPurdy2\Documents\Psi\SubliminalMundPower\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3008)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgnsx.exe
c:\windows\system32\taskhost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\SpyZooka\spyzooka.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-08 2:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 08:36

Pre-Run: 25,854,615,552 bytes free
Post-Run: 25,623,760,896 bytes free

- - End Of File - - 88C54811668A5EAA88B4E733110B82A9

hi

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  
  :Services
  
  :Reg
  
  :Files
  C:\cleanup.bat
  C:\zip.exe
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

OTM txt file
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\cleanup.bat scheduled to be moved on reboot.
File move failed. C:\zip.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DPurdy2
->Temp folder emptied: 3478 bytes
File delete failed. C:\Users\DPurdy2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 8245338 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24572052 bytes
->Google Chrome cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: purdyd
->Temp folder emptied: 0 bytes

C:\32788R22FWJFW.1.tmp\N_ folder deleted successfully.
C:\32788R22FWJFW.1.tmp\License folder deleted successfully.
C:\32788R22FWJFW.1.tmp\EN-US folder deleted successfully.
C:\32788R22FWJFW.1.tmp folder deleted successfully.
%systemdrive% .tmp files removed: 1851749 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied: 3135 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.07 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11082009_101446

MBAM log
Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 6.1.7600

11/8/2009 11:35:57 AM
mbam-log-2009-11-08 (11-35-56).txt

Scan type: Quick Scan
Objects scanned: 102340
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\logevent.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.

Kapersky log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 8, 2009
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 08, 2009 15:36:11
Records in database: 3177034
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 184357
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:15:16


File name / Threat / Threats count
C:\Users\DPurdy2\Documents\Psi\UnderGroundHypnosis\magicexposed.exe Infected: Trojan-PSW.Win32.Agent.klk 1
C:\Users\purdyd\My Documents\WorkatHome\ppccommando.exe Infected: not-a-virus:Downloader.Win32.Agent.db 1

Selected area has been scanned.

hi

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  
  :Services
  
  :Reg
  
  :Files
  C:\Users\DPurdy2\Documents\Psi\UnderGroundHypnosis\magicexposed.exe
  C:\Users\purdyd\My Documents\WorkatHome\ppccommando.exe
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


update mbam run a quick scan post that log

OTM txt file
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\DPurdy2\Documents\Psi\UnderGroundHypnosis\magicexposed.exe moved successfully.
C:\Users\purdyd\My Documents\WorkatHome\ppccommando.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DPurdy2
->Temp folder emptied: 88708148 bytes
->Temporary Internet Files folder emptied: 4775623 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 74589219 bytes
->Google Chrome cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: purdyd
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 533464 bytes
RecycleBin emptied: 2090818 bytes

Total Files Cleaned = 162.91 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11092009_165009

Files moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.41
Database version: 3137
Windows 6.1.7600

11/9/2009 5:07:13 PM
mbam-log-2009-11-09 (17-07-13).txt

Scan type: Quick Scan
Objects scanned: 102569
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

open otl click quick scan post that log

OTL logfile created on: 11/10/2009 1:14:23 PM - Run 3
OTL by OldTimer - Version 3.1.3.4 Folder = H:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.74% Memory free
4.00 Gb Paging File | 2.55 Gb Available in Paging File | 63.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 84.84 Gb Total Space | 23.37 Gb Free Space | 27.55% Space Free | Partition Type: NTFS
Drive D: | 93.16 Gb Total Space | 5.76 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
Drive E: | 7.27 Gb Total Space | 0.73 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1.05 Gb Total Space | 1.02 Gb Free Space | 96.94% Space Free | Partition Type: NTFS
Drive H: | 968.23 Mb Total Space | 783.06 Mb Free Space | 80.88% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DPURDY2-PC
Current User Name: DPurdy2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/08 11:19:01 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/08 11:19:01 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/05 22:36:04 | 00,527,872 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2009/11/03 09:53:37 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/28 08:42:08 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:42:04 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 08:41:57 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/02 23:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 19:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/13 19:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/13 19:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 19:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/07/13 19:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/07/13 19:14:46 | 00,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:41 | 00,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 19:14:19 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/02/09 23:53:51 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/12/02 11:02:40 | 05,668,864 | ---- | M] (Noteburner.com) -- C:\Program Files\NoteBurner\VTBurnerGUI.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/18 14:03:32 | 00,790,032 | ---- | M] (BluePenguin Software Inc.) -- C:\Program Files\SpyZooka\spyzooka.exe
PRC - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/12/19 18:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 18:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 18:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/12/05 15:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/07/16 11:04:44 | 01,616,424 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/07/16 11:04:40 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/05/16 08:43:04 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/03/20 16:23:40 | 01,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/03/09 11:50:02 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/01 14:18:36 | 00,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/01/10 17:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/30 20:59:14 | 00,505,520 | ---- | M] (Symantec Corporation) -- C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
PRC - [2006/10/09 14:43:44 | 00,729,088 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/02/14 10:47:17 | 00,133,120 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2005/10/07 19:01:52 | 03,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe
PRC - [2005/05/07 19:07:42 | 00,406,016 | ---- | M] () -- C:\Program Files\SubliminalEzy\SubLiminalEzy.exe


========== Modules (SafeList) ==========

MOD - [2009/11/05 22:36:04 | 00,527,872 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2009/07/13 19:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/08/28 08:42:02 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 08:41:57 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/13 19:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2009/07/13 19:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 19:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 19:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 19:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/10 15:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/06/10 15:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/04/22 17:46:06 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/12/19 18:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc)
SRV - [2007/12/19 18:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched)
SRV - [2007/12/05 15:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/03/05 08:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/17 08:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 10:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/25 15:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 11:19:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 11:19:03 | 00,000,000 | ---D | M]

[2009/11/05 00:05:18 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Extensions
[2009/11/05 00:05:18 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 17:04:41 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Firefox\Profiles\29pbjrkc.default\extensions
[2009/11/05 18:00:01 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla\Firefox\Profiles\29pbjrkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 00:03:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 11:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/08 11:19:01 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 11:19:01 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/08 11:19:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/16 11:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 11:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 11:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 11:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 11:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 11:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 11:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe (Noteburner.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WheelMouse] C:\Mouse Suite v1.2\wh_exec.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe (BluePenguin Software Inc.)
O4 - HKCU..\Run: [SubliminalEzy] C:\Program Files\SubliminalEzy\SubLiminalEzy.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - C:\Program Files\SpyZooka\spyguard.dll (BluePenguin Software Inc.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/02/28 19:31:57 | 00,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 00,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [1999/12/12 01:00:00 | 00,000,045 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/10 00:14:56 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\Desktop\Antivirus software
[2009/11/08 10:14:46 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/11/08 02:48:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/08 02:48:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/08 02:24:57 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Local\temp
[2009/11/08 02:18:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/08 02:18:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/08 02:18:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/08 02:18:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/08 02:16:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 01:27:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/05 01:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/05 00:03:24 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Roaming\Mozilla
[2009/11/05 00:03:24 | 00,000,000 | ---D | C] -- C:\Users\DPurdy2\AppData\Local\Mozilla
[2009/11/05 00:03:06 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\Users\DPurdy2\Documents\*.tmp files -> C:\Users\DPurdy2\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/10 13:19:17 | 03,670,016 | -HS- | M] () -- C:\Users\DPurdy2\NTUSER.DAT
[2009/11/10 13:15:55 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/10 13:15:55 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/10 13:15:55 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/10 12:33:19 | 00,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/10 12:33:19 | 00,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/10 12:28:16 | 44,912,061 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/10 12:28:16 | 00,087,370 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/10 12:25:29 | 00,000,247 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/11/10 12:24:38 | 00,135,895 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/10 12:24:38 | 00,135,895 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/10 12:24:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/10 12:24:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/10 12:24:30 | 16,093,75744 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/10 01:48:00 | 01,652,099 | -H-- | M] () -- C:\Users\DPurdy2\AppData\Local\IconCache.db
[2009/11/08 02:28:58 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/08 02:28:46 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/08 02:11:23 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/11/08 02:11:23 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/11/08 01:42:36 | 03,562,645 | R--- | M] () -- C:\Users\DPurdy2\Desktop\ComboFix.exe
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/05 21:14:49 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/05 00:03:10 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/04 15:06:05 | 00,195,584 | ---- | M] () -- C:\Users\DPurdy2\Documents\gurnee_to_kenosha_emission.est
[2009/11/04 14:59:26 | 00,195,584 | ---- | M] () -- C:\Users\DPurdy2\Documents\5424 N 40th St, Milwaukee, WI 53209 to 624 Wildwood Rd, West Bend, WI 53090.est
[2009/10/31 19:23:09 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDPurdy2.job
[4 C:\Users\DPurdy2\Documents\*.tmp files -> C:\Users\DPurdy2\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/08 02:56:48 | 01,652,099 | -H-- | C] () -- C:\Users\DPurdy2\AppData\Local\IconCache.db
[2009/11/08 02:18:02 | 00,267,264 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/08 02:18:02 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/08 02:18:02 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/08 02:18:02 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/08 02:18:02 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/08 02:11:23 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/11/08 02:11:23 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/11/08 01:55:29 | 03,562,645 | R--- | C] () -- C:\Users\DPurdy2\Desktop\ComboFix.exe
[2009/11/05 21:14:49 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/05 00:03:10 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/04 15:00:04 | 00,195,584 | ---- | C] () -- C:\Users\DPurdy2\Documents\gurnee_to_kenosha_emission.est
[2009/11/02 01:28:31 | 00,195,584 | ---- | C] () -- C:\Users\DPurdy2\Documents\5424 N 40th St, Milwaukee, WI 53209 to 624 Wildwood Rd, West Bend, WI 53090.est
[2009/10/25 16:25:37 | 00,113,136 | ---- | C] () -- C:\Users\DPurdy2\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/25 16:24:21 | 00,135,895 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/25 16:24:21 | 00,135,895 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/11 13:37:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/13 22:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 22:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/13 20:04:23 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 17:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:40:23 | 00,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/03 18:33:49 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/03 18:33:48 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/19 15:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/12 20:36:38 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/26 17:46:40 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/28 19:28:44 | 00,000,035 | ---- | C] () -- C:\Windows\atechloc.ini
[2008/02/28 19:28:38 | 00,000,083 | ---- | C] () -- C:\Windows\atech.ini
[2007/12/19 22:19:24 | 00,000,614 | ---- | C] () -- C:\Users\DPurdy2\AppData\Roaming\wklnhst.dat
[2007/12/05 22:43:59 | 00,135,895 | ---- | C] () -- C:\Users\DPurdy2\AppData\Roaming\nvModes.001
[2007/12/04 18:56:53 | 00,135,895 | ---- | C] () -- C:\Users\DPurdy2\AppData\Roaming\nvModes.dat
[2007/07/12 16:41:36 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/27 14:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 00:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/03/09 15:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/04/25 18:38:20 | 00,006,885 | ---- | C] () -- C:\Windows\System32\drivers\whmice2k.sys
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Amazon
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Any DVD Converter Professional
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Any Video Converter
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Any Video Converter Professional
[2009/10/25 15:45:38 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Berlitz
[2009/10/25 15:45:39 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Day Trading Robot
[2009/10/25 15:46:06 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Memeo
[2009/10/25 15:46:19 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Notepad++
[2009/10/25 15:46:19 | 00,000,000 | RH-D | M] -- C:\Users\DPurdy2\AppData\Roaming\SecuROM
[2009/11/08 17:07:59 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Spyzooka
[2009/10/25 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Template
[2007/12/13 23:42:18 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\Tunebite
[2009/10/25 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\uTorrent
[2009/10/25 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\DPurdy2\AppData\Roaming\WildTangent
[2009/11/10 12:24:38 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:53:46 | 00,011,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

hi

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  CODE
  :OTL
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [2009/11/08 02:11:23 | 00,135,168 | ---- | M] () -- C:\zip.exe
  [2009/11/08 02:11:23 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  
• Please follow the prompts to uninstall Combofix.
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html


Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
• TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  
  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  
  
• Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.