# Analyze HJT Logfile for server access failure causes



## SeaSalt (Oct 12, 2009)

Please analyze the below HJT logfile - I cannot access servers for updating AVG and Zonealarm; also, could not access server for registering MagicJack; also, in order to run HiJackThis program, I had to change the name because something was stopping it from launching! Thanks in advance for any and all help.
[logfile below]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:35 PM, on 10/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Boltons\Documents\Downloads - ALL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: akamai.avg.com
O15 - Trusted Zone: update.avg.com
O15 - Trusted Zone: akamai.avg.cz
O15 - Trusted Zone: backup.avg.cz
O15 - Trusted Zone: download.avg.cz
O15 - Trusted Zone: files2.avg.cz
O15 - Trusted Zone: akamai.avg.com.edgesuite.net
O15 - Trusted Zone: akamai.avg.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com
O15 - Trusted Zone: update.grisoft.com
O15 - Trusted Zone: akamai.grisoft.cz
O15 - Trusted Zone: backup.grisoft.cz
O15 - Trusted Zone: download.grisoft.cz
O15 - Trusted Zone: files2.grisoft.cz
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6866 bytes
[end of SeaSalt HJT logfile]
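The thread asks which entries in the log could explain the failed update-server connections. Added example, not part of the original thread and not code from HijackThis: a small Python triage script for the line-oriented HJT format (R0/R1 browser settings, O15 Trusted Zone entries, O20 AppInit_DLLs and so on). It pulls out the things a reviewer checks first when updaters cannot reach their servers, above all the R1 ProxyServer entry, since IE and every other WinINet client routes through that proxy and a proxy that does not answer makes update servers look unreachable. The sample lines are copied from the log posted above; the `PROXY`/`TRUSTED_WILDCARD`/`APPINIT` finding codes are my own labels, and whether the 172.16.1.1:3128 proxy is legitimate on this network is something the script cannot decide.

```python
"""Triage helper for HijackThis (HJT) logs: added example, not HJT's own code."""
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
O1 - Hosts: ::1 localhost
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: update.avg.com
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split an HJT log into (section, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def find_proxy(entries: List[Tuple[str, str]]) -> Optional[str]:
    """Return the WinINet ProxyServer value (host:port) if the log has one."""
    for section, body in entries:
        if section in ("R0", "R1") and "Internet Settings,ProxyServer = " in body:
            return body.split("ProxyServer = ", 1)[1].strip()
    return None


def classify_host(host: str) -> str:
    """loopback / private / public for IP literals, 'hostname' otherwise."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def trusted_zones(entries: List[Tuple[str, str]]) -> List[str]:
    """All O15 Trusted Zone hosts, in log order."""
    return [body.split(":", 1)[1].strip()
            for section, body in entries
            if section == "O15" and body.startswith("Trusted Zone:")]


def appinit_dlls(entries: List[Tuple[str, str]]) -> List[str]:
    """DLL names listed in the O20 AppInit_DLLs entry (comma or space separated)."""
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            return [d for d in re.split(r"[,\s]+", body.split(":", 1)[1]) if d]
    return []


def triage(text: str) -> List[Tuple[str, str]]:
    """Findings as (code, explanation) pairs; codes are this script's own labels."""
    entries = parse_hjt(text)
    findings: List[Tuple[str, str]] = []
    proxy = find_proxy(entries)
    if proxy is not None:
        kind = classify_host(proxy.rsplit(":", 1)[0])
        # A loopback proxy is usually a local filtering product; anything else
        # means every WinINet request (IE, many updaters) depends on that host.
        if kind != "loopback":
            findings.append(("PROXY", f"WinINet proxy {proxy} ({kind} address): "
                             "if it does not answer, update servers appear unreachable"))
    for zone in trusted_zones(entries):
        if zone.startswith("*."):
            findings.append(("TRUSTED_WILDCARD", f"{zone} puts every host under that "
                             "domain in IE's Trusted zone (relaxed security settings)"))
    for dll in appinit_dlls(entries):
        findings.append(("APPINIT", f"{dll} is loaded into every process that loads "
                         "user32.dll; confirm the vendor"))
    return findings


if __name__ == "__main__":
    for code, why in triage(SAMPLE_LOG):
        print(f"[{code}] {why}")
</```

To use it on a full log, read the saved HJT text file and pass its contents to `triage()`; a proxy finding is a reason to check the Internet Options connection settings, not by itself evidence of malware.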


----------



## SeaSalt (Oct 12, 2009)

bump
for "analyze HJT logfile for server access failure causes" post by seasalt
Thank you SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## SeaSalt (Oct 12, 2009)

cookiegal,
Thank you for helping! I thought I'd fallen off a cliff and TSG wasn't there to catch me.
I will follow your instructions above but first need to know something.
When I reply to you, I see a Blue Reply button at the lower left of the message with curved arrow; I see a +Reply (orange color) at the lower right of the message; and, I'm using the "Quick Reply" box for this reply. Which should I use to keep in "proper" touch with you?
Thanks for replying,
Seasalt


----------



## Cookiegal (Aug 27, 2003)

Use the blue one on the left as it gives you more functions when replying such as uploading attachments, which may be necessary.


----------



## SeaSalt (Oct 12, 2009)

Thanks Cookiegal.

I'm writing down your instructions as I do not have a printer handy at the moment.
I'm still here.....

Seasalt


----------



## SeaSalt (Oct 12, 2009)

Cookiegal,

I'm off the path.
I downloaded something called "Advanced Registry Optimizer" (trial version) and it did not allow for checking for updates nor did it have boxes to check. After the scan (631 problems found), it would only fix 20 of them since I didn't buy the full program.
What did I do wrong?


----------



## SeaSalt (Oct 12, 2009)

Cookiegal,

I have to leave my laptop for two hours. 
I WILL be back then. Hope to be in touch with you when I return.
If you have to go, please let me know.
Thanks again in advance,

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

SeaSalt said:


> Cookiegal,
> 
> I'm off the path.
> I downloaded something called "Advanced Registry Optimizer" (trial version) and it did not allow for checking for updates nor did it have boxes to check. After the scan (631 problems found), it would only fix 20 of them since I didn't buy the full program.
> What did I do wrong?


What you did wrong was downloading a registry cleaner. Stay away from those. They often cause more harm than good.


----------



## SeaSalt (Oct 12, 2009)

I'm back.
Sorry about my error in following your instructions.
I'll go back and try again.

Thanks ..... seasalt


----------



## SeaSalt (Oct 12, 2009)

cookiegal,

I did better this time.
However, after MBAM finished, the following message appeared:
"The Scan completed successfully. No malicious items were detected. Click Main Menu."
When I clicked Main Menu, I was taken back to the box where I selected "Perform Quick Scan".
What should I do?
SeaSalt


----------



## SeaSalt (Oct 12, 2009)

Cookiegal,

I forgot to mention that along the way, the following appeared:

Malwarebyte's Anti-Malware
An error occurred. Please report the following error code to MBAM Support Team.
Error Code 732(0,0)

What does this mean?

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## SeaSalt (Oct 12, 2009)

Thanks CookieGal,

I found your reply and will be following up on it later this evening.
However, can you think of any reason we lost contact? I.e., you were not notified of my replies?
I still feel I'm not quite playing by the TSG Forum rules - I'm still not quite getting it right.
Let me know you received this message O.K., please.

Thanks in advance............SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Sometimes there's a hiccup and we don't receive the e-mail notifications. Or it's possible I deleted it by mistake.


----------



## SeaSalt (Oct 12, 2009)

SeaSalt here!

CookieGal, I'm in the process of following your instructions regarding Combofix. However, you did not make it clear as to what you wanted done with "puppy.exe" after the renaming ceremony.

I made the assumption you wanted it launched and I did it. I got a very loud and alerting double beep telling me that the file was in no way affiliated with ComboFix and, basically to ask for my money back if I purchased the file.

You have been quite thorough so far as to letting me know what to expect at various steps along the way. After the "alarm" sounded, I decided to back off and send this email to you.

At the moment, I have disabled AVG8 and Zonealarm. I have spybot S&D on my computer but don't think it is running in the background. Therefore, I have done nothing to it. I have the renamed ComboFix on my desktop as puppy.exe.

I need your guidance to proceed.

Thanks again in advance................SeaSalt


----------



## Cookiegal (Aug 27, 2003)

The instructions in how to run the program were all in the link at Bleeping Computer.

Please disable your security programs again and run the puppy.exe and allow it to do its full run. Then post the resulting log.


----------



## SeaSalt (Oct 12, 2009)

Hi CookieGal,

I'm in a pickle again.
In following the directions for running puppy.exe, I get a WARNING box that states:
ComboFix has detected the following real time scanner(s) to be active:

Anti-Spyware: ZoneAlarm Anti Spyware
Anti-Spyware: AVG Anti Virus Free

Anti-virus and intrusion prevention programs are known to interfere with ComboFix's running.
This may lead to unpredictable results or possible machine damage.
Please disable these scanners before clicking O.K.


CookieGal, I've actually uninstalled Zone Alarm and AVG Free from my computer.
I did this because every thing else I tried continued to give me the same WARNING whenever I tried to run puppy.exe.

I've rebooted my computer numerous times after various uninstalls and I've confirmed that these two programs are not on the Control Panel's uninstall programs list.

These WARNINGS are as far as I've gone in trying to run puppy.exe (combofix).

What do you recommend I do next?

Thanks for hanging in there with me.

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it on your desktop and unzip it.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## SeaSalt (Oct 12, 2009)

Hi CookieGal,

Thanks for your on-going help.
Below is the Gmer scan report.

Look forward to taking the next step towards becoming bug free.

SeaSalt

=================================

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 17:38:26
Windows 6.0.6000 
Running: zeztlu49.exe; Driver: C:\Users\Boltons\AppData\Local\Temp\uxdiyfow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\BTHUSB \Device\0000006c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bdb9438  
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\001a6bdb9438 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Below is the saved list generated when I clicked on the "Save List" button as per your instructions.
As a reminder, I still have not reinstalled my anti-virus program nor my firewall program.

Thank you for continuing to help.

SeaSalt

========================================================

Acrobat.com
Acrobat.com
Adobe Acrobat Reader 3.01
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
Conexant HD Audio
EA Link
Easy CD & DVD Creator 6
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.3
HP QuickTouch 1.00 C1
HP Total Care Advisor
HP Update
HP User Guides 0060
HP Wireless Assistant
HPNetworkAssistant
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (3.0.1)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickPlay SlingPlayer 0.3.0
RealPlayer
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio DVDMAX Player
Roxio MyDVD Basic v9
Roxio PhotoSuite 5 LITE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
Spybot - Search & Destroy
TDK Launcher
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
VC 9.0 Runtime
VC 9.0 Runtime
VueScan
Windows Media Player Firefox Plugin


----------



## Cookiegal (Aug 27, 2003)

Please run this AVG removal tool that will remove any remnants that may be in the registry:

http://www.avg.com/us-en/download-tools

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 16*.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 16 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove Programs* and remove all older versions of Java.
Check any item with (*Java Runtime Environment, JRE or J2SE*) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Then reboot and try running ComboFix (Puppy.exe) again please.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I downloaded the AVG file remover and ran it. Then, I updated my Java as per your instructions. 
However, when I ran ComboFix, I got the below messages:
Note: At the end I described the additional action I took.
=============================
Warning!!
ComboFix has detected the following real time scanner(s) to be active:
AntiSpyware: ZoneAlarm Antispyware
AntiSpyware: AVG Antispyware Free
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.
Please disable these scanners before clicking OK
NOTE: I clicked the box with the X in it.
===============================
A second dialog box appeared:
Warning!!
Antispyware: ZoneAlarm Anti-spyware
Antispyware: AvG Anti-Virus Free
The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.
NOTE: Again, I clicked the box with the X in it; then, I hit ESC a few times to stop ComboFix from continuing to run.
================================
The NEXT dialog box appeared when I stopped ComboFix and was:
Version_09-10-22l01
Current date is ~. ComboFix has expired
Click "YES" to run in REDUCED FUNCTIONALITY mode. Click "NO" to exit. 
NOTE: At this point, I clicked NO
=======================================
CookieGal, I went back to the link and downloaded the AVG Remover executable file, ran it, & rebooted. For good measure, I did it a second time.
Nothing changed. I still got the ....scanner(s) ... active message and more of what I've typed above when I tried to run ComboFix.

What do you want me to do next?

Thanks.............SeaSalt......


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop and double-click on it to extract the files. It will create a folder named *OTS* on your desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Open the *OTS* folder and double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Here is the attached Notepad log file from the OTS scans.
I had some operator-error issues and renamed the text file (which explains the "x" at the beginning of the filename) in an attempt to remedy a problem that did not exist.
All should be O.K.
As always, looking for your next bit of guidance.....



Seasalt............


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Grooveshark\sharkbyte.exe
YN -> Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp
NY ->  54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp
NY ->  1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## SeaSalt (Oct 12, 2009)

Hi CookieGal,

Thank you for your ongoing help.
As per your instructions, I am pasting the OTS notepad logfile below. After that, I will be pasting the latest HJT logfile.

NEW NEWS: Two days ago, I received the following message while I was on my computer, but was offline. I don't know if the below will be a factor in your help to me:
"Media Foundation Protected Pipeline EXE was closed. To help protect your computer, Data Execution Prevention has closed." [end of new news]
==========================
[begin paste OTS logfile]
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
C:\Windows\System32\drivers\~GLH0013.TMP deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\Boltons\AppData\Local\Temp\469F5DBD.TMP deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\CFG1FA0.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\CFGDEAB.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\CFGF517.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\IEC341D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\nsb1BCA.tmp folder deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\nsi34E9.tmp folder deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF210A.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF25CB.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF2F0B.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF3481.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF34E0.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF3A8A.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF3FF6.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF482F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF4B74.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF4ED8.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF5F5D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF624E.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF65E2.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF6AEF.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF7EDE.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF820F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8481.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8974.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF89C4.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8A94.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8B18.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8B4D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8B96.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8C02.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8C0F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8C58.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8D0D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8DCB.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF8E6E.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9010.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9044.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9078.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DF9FAD.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFA39D.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFB7B7.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFD2DC.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFD2E1.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFDD91.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE12C.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE25A.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE28F.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE2D8.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFE321.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFED41.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFF17E.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFF2FE.tmp deleted successfully.
C:\Users\Boltons\AppData\Local\Temp\~DFF955.tmp deleted successfully.
[Empty Temp Folders]

User: All Users

User: Boltons
->Temp folder emptied: 10172358 bytes
->Temporary Internet Files folder emptied: 222696495 bytes
->Java cache emptied: 789626 bytes
->FireFox cache emptied: 80490761 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Working Account
->Temp folder emptied: 279371 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 9393 bytes
->FireFox cache emptied: 70501780 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1459713 bytes
RecycleBin emptied: 17862939 bytes

Total Files Cleaned = 385.60 mb

< End of fix log >
OTS by OldTimer - Version 3.1.2.1 fix logfile created on 11042009_221035

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[end OTS logfile]
========================================
[begin HJT logfile]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:08 PM, on 11/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Boltons\Documents\Computer Software Etc\Utilities\HijackTxhis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: akamai.avg.com
O15 - Trusted Zone: update.avg.com
O15 - Trusted Zone: akamai.avg.cz
O15 - Trusted Zone: backup.avg.cz
O15 - Trusted Zone: download.avg.cz
O15 - Trusted Zone: files2.avg.cz
O15 - Trusted Zone: akamai.avg.com.edgesuite.net
O15 - Trusted Zone: akamai.avg.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com
O15 - Trusted Zone: update.grisoft.com
O15 - Trusted Zone: akamai.grisoft.cz
O15 - Trusted Zone: backup.grisoft.cz
O15 - Trusted Zone: download.grisoft.cz
O15 - Trusted Zone: files2.grisoft.cz
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5677 bytes
[end HJT logfile]
Thanks again CookieGal............SeaSalt


----------



## Cookiegal (Aug 27, 2003)

I think I see the problem with ComboFix: you renamed the file puppy.exe.exe, so you gave it a double .exe extension.

Please rename it to just puppy with an exe extension (puppy.exe) and then see if you can get ComboFix to run a scan without those error messages.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I renamed puppy.exe to puppy and ran it as per the original instructions.
I right-clicked on the desktop icon "puppy" and selected "run as administrator".
I still got the same warning message about AVG and Zonealarm. 
There appears to be no change from before.
If you wish, I can do a screen capture of my desktop with the warning message on it. Then, I can send it to you as an attachment if there is any value to you in having it.

What would you like me to do next?

Thanks again in advance for your time and attention on this,

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Please take the screenshot and post that here.


----------



## SeaSalt (Oct 12, 2009)

Hi CookieGal,
OOPS .... See below...............I hit a snag before sending this!!!
=====================================
I re-ran the steps for starting ComboFix and got the Warning messages which I captured and pasted into Wordpad.
At the first Warning screen, I clicked on the "X" (upper right hand boxed "X") and ComboFix appeared to continue running. The Second screen capture was made when that Warning box popped up. Again, I clicked on the "X" and ComboFix apparently continued running. It stopped after I pressed ESC a bunch of times. The last captured screen came up as a result of the "multiple ESC depressings". 
NOTE: I captured each screen by pressing & holding the function key on my laptop and pressing the "prt sc" key once. I, then, pasted from the clipboard to Wordpad. If there is a better way to do this, please let me know. The 3 Wordpad captures are attached below.
Thanks for your on-going help and patience.........
COOKIEGAL- I could not upload so I'm doing everything over in MS Paint. I'm sending this email because I have to close the browser and I was not sure what would happen to this REPLY. 
ANOTHER REPLY SHOULD BE COMING VERY SOON AS SOON AS I FIGURE OUT HOW TO UPLOAD THE CAPTURED THREE PAGES! Please stand by!!
SeaSalt


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

SeaSalt here again ..... last reply sent about 1/2 hour ago.

I'm trying again to attach four (4) MS Paint jpg files.
I captured the screens the same way (fn key + prtsc key). Then, pasted into PAINT screen and cropped down to size.
Here's hoping this works. I'm assuming I'll be able to attach more than one file!
Eureka - It worked, I successfully attached four (4) jpg files.

SeaSalt


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Based on the failure message about the second file I tried to send, I'm resending screenshot2 with this reply.

Thanks as usual..............SeaSalt


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I made a minor change to the second screenshot and resaved it.
Here's hoping it goes thru this time.

Thanks,
SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Run this ZoneAlarm removal tool (right-click on it and select Run As Administrator):

http://download.zonealarm.com/bin/free/support/cpes_clean.exe

Then delete these folders if they still exist:

C:\PROGRAM FILES\*ZONE LABS*

C:\PROGRAM FILES\*AVG*

Reboot the computer and see if ComboFix (puppy) will now run.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

All is not well.
In following your instructions and utilizing the link(s), I was not able to "Run as Administrator" the ZoneAlarm removal tool software.
When I launched it, the following dialog box appeared:
title - "cpes_clean.exe - Unable to Locate Component"
This application has failed to start because VSUTIL.dll was not found. Re-installing the application may fix this problem. [end of dialog box]
However, Checkpoint Endpoint continued to run (a dialog box came up) and "something" appeared to be happening in the background. Eventually, the desktop came back up.
I looked for the two files you referenced in your reply and only found the AVG folder. I deleted it. I rebooted the computer because the "checkpoint..." dialog box said a restart was needed "...to complete the removal of Endpoint Security." From the desktop, I tried to run ComboFix/puppy. The same message box (ComboFix has detected the following real time scanners to be active:....) came up.
Soooooo, I figured I'd be proactive and decided to REINSTALL ZoneAlarm so I could properly run the clean-up / removal tool. NO LUCK. During the ZA reinstall attempt, the setup could not find the installer!
At this point, I began typing this REPLY to you.
Am I overlooking something in your instructions? I did capture screens when the dialog boxes popped up. They are saved in MS Paint as jpg/jpeg files. Did the cropped images in MS Paint prove to be helpful? Did they come through O.K.?
What next would you like me to do in order to help you help me?
Sorry for the long-winded reply. I'm just trying to be thorough in the information I get back to you.

Respectfully, SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Please drag the puppy.exe from the desktop to the recycle bin.

Then please give me a summary of what problems remain.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I dragged the "puppy.exe" file to the recycle bin.
However, I'm not sure of your next instruction:
"Then please give me a summary...."?
What would you like me to do?

Thanks,

Seasalt


----------



## Cookiegal (Aug 27, 2003)

I just wanted you to tell me what the problems are that you're still experiencing with your computer.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Thanks for reply. Regarding my last message, I was monitoring my email for your reply and finally checked TSG. I did not receive an email and that was why so much time went by before you heard from me. As you indicated in an earlier message, these things can happen with emails.

For your current request for information:
Originally, I could not access the server for updating my AVG anti-virus program nor the server for updating ZoneAlarm. Currently, these two programs are not installed so there is no way to know the status of that issue. And because of these programs not being loaded, I really try to keep my "online" time to a minimum until I get the O.K. from you that it is alright to reload these programs - or any other such programs you have had better success with.
I just tested my MagicJack phone thru my computer and it worked fine for the one call I made. Before that call, I could not use it (an original problem).
I ran HijackThis under its original name and it launched (before, I had to rename it to get it to launch). However, I got a message box that I captured and am attaching for your viewing (pasted into MS Paint). Please let me know how you interpret this message with respect to my computer problems.
Unless I missed something along the way, I don't recall that I was able to successfully run ComboFix without a problem. With the time and stumbles along the way, I may have lost a braincell or two. Did we finally get Puppy.exe to run?
I've noticed that my computer wants to redirect me whenever I run certain programs (e.g., login to my Yahoo email account). I do nothing and the login process eventually goes thru O.K. Firefox prompts me to allow the "redirection" whenever this happens and I always do nothing. Whatever the program is usually goes thru anyway (I can't think of another example at the moment - I'll let you know when my "dementia" clears up!).
Finally, my computer seems to have really slowed down at times when I try to access some links. Again, Yahoo seems to be a consistent victim - but, not always. I will get an error message about taking longer than usual OR not available. If I click the "Retry" button (if one is offered), the link usually goes thru quickly. If no retry button, clicking on REFRESH seems to get me thru quickly. Generally, there seems to be a consistent problem of taking a long time for a page/website to download.

Thanks again for your help,

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Download the *HostsXpert*.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then run a new scan with HijackThis and let me know if you get that same error again or not.
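A scripted equivalent of the restore-and-lock steps above, added here as an example; it is not part of HostsXpert, of HijackThis, or of any post in this thread. It audits a hosts file for entries beyond the stock Vista content (the two `localhost` lines), classifies each extra entry as blackholed (loopback or 0.0.0.0, so the name resolves but nothing answers, which is how update checks get silently broken) or redirected (any other address), then rewrites the stock content and clears the write bit, the same end state as "Restore MS Hosts File" plus "Make Read Only?". The sample hosts content is constructed from reserved example/test names and is not from SeaSalt's machine; the file path is a parameter so the demo writes to a temporary file rather than to `%SystemRoot%\System32\drivers\etc\hosts`. The HostsXpert error SeaSalt hit is consistent with Cookiegal's explanation that another product was holding the file: clearing the read-only attribute, as the script does first, is not enough when a process keeps the file open.

```python
"""Audit a Windows hosts file and restore the stock Vista content.

Added example for this thread; not HostsXpert code and not from any post.
Assumptions: the stock Vista hosts file carries exactly the two localhost
entries in DEFAULT_HOSTS, and the caller supplies the file path.
"""
import os
import stat
import tempfile
from ipaddress import ip_address

# Stock Vista entries; the rest of the stock file is comments only.
DEFAULT_HOSTS = "127.0.0.1\tlocalhost\n::1\tlocalhost\n"

# Constructed sample (reserved example/test names), not from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   update.example-av.test      # loopback: update checks fail silently
0.0.0.0     download.example-fw.test    # unspecified address: same effect
203.0.113.9 www.example.com             # redirect to an attacker-chosen host
"""


def parse_hosts(text):
    """Yield (address, [names]) for each active entry, comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed: the resolver ignores it
        yield parts[0], parts[1:]


def audit_hosts(text):
    """Return (kind, name, address) for every entry beyond the stock ones.

    kind is 'blackholed' for loopback/0.0.0.0 targets, 'redirected' for
    any other address, 'malformed' when the address does not parse.
    """
    findings = []
    for addr_text, names in parse_hosts(text):
        try:
            addr = ip_address(addr_text)
        except ValueError:
            findings.append(("malformed", " ".join(names), addr_text))
            continue
        for name in names:
            if name.lower() == "localhost" and addr.is_loopback:
                continue  # the stock entries
            kind = "blackholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
            findings.append((kind, name, addr_text))
    return findings


def restore_hosts(path):
    """Overwrite path with the stock content and clear the write bit.

    Returns True when the file ends up read-only. The read-only attribute
    is cleared first so a file locked by an earlier run can be rewritten;
    a handle held open by another process is not something chmod can fix.
    """
    if os.path.exists(path):
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    with open(path, "w", newline="\r\n") as fh:  # Windows line endings
        fh.write(DEFAULT_HOSTS)
    os.chmod(path, stat.S_IREAD)  # sets the read-only attribute on Windows
    return not (os.stat(path).st_mode & stat.S_IWUSR)


def demo_restore():
    """Restore twice into a temp file; returns (locked_ok, findings_after)."""
    path = os.path.join(tempfile.mkdtemp(), "hosts")
    first = restore_hosts(path)
    second = restore_hosts(path)  # must cope with the now read-only file
    with open(path) as fh:
        after = audit_hosts(fh.read())
    return first and second, after


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("%-10s %-28s -> %s" % finding)
    print("restore:", demo_restore())
```

Run it against the real file only from an elevated prompt, and take a copy first if the machine carries custom entries (the same caveat HostsXpert gives).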


----------



## SeaSalt (Oct 12, 2009)

Hello again CookieGal,

Things did not go as well as hoped for.
In the steps outlined in your REPLY, I got as far as the Confirmation Box. When I clicked on the OK, I got an ERROR box & message.
I have Captured the screen and attached them (2 total) for your review.
The first screen capture is to show you what came up right after I ran the HostsXpert program. I did not have to "click on FILE HANDLING" because the box that came up was the FILE HANDLING box. And, "File Handling" was highlighted in the column on the left. (see the first screen capture)
From this FILE HANDLING box, I clicked on "Restore MS Hosts File" and got the CONFIRM box. Clicking OK from that box brought up the ERROR box. See the second screen capture. Clicking the OK button ended all steps!

As always, I'm standing (actually, sitting) by for your next set of instructions / guidance.

With Continued Thanks,

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

It's likely because you have a hosts file that's locked by SpyBot.

Let's try ComboFix again but this time let's uninstall it completely before getting the latest version.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I have let you down again.....

When I opened the runbox, I was not able to find any ComboFix files for "ComboFix /u" nor "ComboFix /uninstall". The message read: Windows cannot find 'ComboFix'. Make sure you typed the name correctly and then try again. OK
So, I went to the "ComboFix Guide & Instructions" link, downloaded the program ComboFix.exe, placed it on my desktop, and renamed it "Puppy" (assuming the ".exe" was understood), and launched it.
The message boxes that popped up were identical to what I've gotten before. I.e., one warning me that this was not affiliated with ComboFix and get my money back if I'd paid for it. The second warning had detected ZoneAlarm and AVG (the screen capture in MS Paint is attached).
At this point, I started typing this reply.

I'm back to asking you for the next course of action I should take.

Thanks..............SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Try running ComboFix in safe mode and see if you get those messages.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

The results were the same in Safe Mode. See attached two (2) screenshots pasted into MS Paint.

Questions: Are the MS Paint files providing you with any additional information or would my descriptions suffice? I don't want to make any more work for our effort than necessary.
Are the attachments even going through?

I await your next instructions.

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

Yes, the screenshots are coming through and they are helpful.

There must still be components of those programs in your system. Please post a new HijackThis log.


----------



## SeaSalt (Oct 12, 2009)

Hi CookieGal,

I ran HJT again and got a dialog box about ".... denied write access to the hosts files...." (see attached screen capture).

HJT continued to run and below is the logfile pasted in.

Thanks for your continued follow-up. Thanks for the feedback about the MS Paint screenshot attachments. 
Awaiting your next feedback/instructions.
SeaSalt
======================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:18 AM, on 11/20/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Boltons\Documents\Computer Software Etc\Utilities\HijackTxhis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: akamai.avg.com
O15 - Trusted Zone: update.avg.com
O15 - Trusted Zone: akamai.avg.cz
O15 - Trusted Zone: backup.avg.cz
O15 - Trusted Zone: download.avg.cz
O15 - Trusted Zone: files2.avg.cz
O15 - Trusted Zone: akamai.avg.com.edgesuite.net
O15 - Trusted Zone: akamai.avg.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com
O15 - Trusted Zone: update.grisoft.com
O15 - Trusted Zone: akamai.grisoft.cz
O15 - Trusted Zone: backup.grisoft.cz
O15 - Trusted Zone: download.grisoft.cz
O15 - Trusted Zone: files2.grisoft.cz
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5777 bytes
=================================


----------



## Cookiegal (Aug 27, 2003)

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under Attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.


Click on the Log tab.
In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new Window should appear.
Make sure Scan all drives is selected and click on the Start button.
When it is complete a new Window will appear to indicate that the scan is finished.
The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

In checking back for your reply, I don't see my last reply to your 22Nov09 instructions which I posted/replied.
I do recall seeing my reply shortly after I posted it, though.
Did you receive it / see it or are you still waiting for me to carry out the 22 Nov 09 instructions. If that is the case, I'll gladly repeat the steps.
Please let me know.

Thanks again...........SeaSalt


----------



## Cookiegal (Aug 27, 2003)

No, it's not there. I'm still waiting for you to carry out the instructions in post no. 50.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Thanks for getting back. I'll go thru instructions requested in Post#50.
I'll be back in touch

seasalt


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I came across the logfile generated when I performed the steps/instructions the first time.
So, I'm jumping ahead and just resending the log file again. It was generated on 24 Nov 2009.
I hope this is sufficient. If not, please let me know and I'll do whatever is needed.

Thanks...SeaSalt
======================
[begin paste logfile ]
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 468
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 592
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 636
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 728
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 820
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 916
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1020
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1120
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1508
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1868
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1896
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2036
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 408
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 12
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PID: 1324
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 1504
Hidden: No
Window Visible: No

Name: C:\Windows\System32\drivers\XAudio.exe
PID: 984
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 2076
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 2156
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PID: 2404
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2628
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint2K\Apoint.exe
PID: 2928
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 2984
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PID: 2992
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PID: 3044
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3100
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 3124
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 3180
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint2K\ApMsgFwd.exe
PID: 3304
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint2K\ApntEx.exe
PID: 3388
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PID: 3656
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 3948
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 2240
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PID: 1984
Hidden: No
Window Visible: No

Name: C:\Users\Boltons\Desktop\SysProt\SysProt\SysProt.exe
PID: 1748
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Boltons\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 8EF5B000
Module End: 8EF66000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82000000
Module End: 823A1000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 823A1000
Module End: 823D5000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 802C6000
Module End: 802CE000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 802BD000
Module End: 802C6000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 802B5000
Module End: 802BD000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8027A000
Module End: 802B5000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8051F000
Module End: 80600000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 804A4000
Module End: 8051F000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8026D000
Module End: 8027A000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8022A000
Module End: 8026D000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 80221000
Module End: 8022A000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80219000
Module End: 80221000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 8047F000
Module End: 804A4000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 8020A000
Module End: 80219000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 80207000
Module End: 8020A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 80475000
Module End: 8047F000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80465000
Module End: 80475000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80200000
Module End: 80207000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 80457000
Module End: 80465000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 8040D000
Module End: 80457000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80405000
Module End: 8040D000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 807E2000
Module End: 80800000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 807B1000
Module End: 807E2000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 807A1000
Module End: 807B1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 80798000
Module End: 807A1000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 80694000
Module End: 80798000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 80630000
Module End: 80669000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 878F8000
Module End: 87A00000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 8788E000
Module End: 878F8000
Hidden: No

Module Name: C:\Windows\system32\drivers\wd.sys
Service Name: Wd
Module Base: 80628000
Module End: 80630000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 87858000
Module End: 8788E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 80620000
Module End: 80628000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 80611000
Module End: 80620000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 80602000
Module End: 80611000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 87833000
Module End: 87858000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 87822000
Module End: 87833000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 87801000
Module End: 87822000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 87BF7000
Module End: 87C00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 87A37000
Module End: 87A40000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 87A28000
Module End: 87A37000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cpqbttn.sys
Service Name: HBtnKey
Module Base: 88669000
Module End: 8866C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8ABA8000
Module End: 8ABB8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8AA85000
Module End: 8AA8C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 8AA26000
Module End: 8AA2F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8AFE4000
Module End: 8AFE8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8AA13000
Module End: 8AA26000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8AAED000
Module End: 8AAF8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Apfiltr.sys
Service Name: ApfiltrService
Module Base: 8AE44000
Module End: 8AE70000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8AE39000
Module End: 8AE44000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvsmu.sys
Service Name: nvsmu
Module Base: 8867B000
Module End: 8867E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8AA00000
Module End: 8AA0A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8B5C3000
Module End: 8B600000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8AE2B000
Module End: 8AE39000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8AE13000
Module End: 8AE2B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\pwd_2k.SYS
Service Name: pwd_2k
Module Base: 8AFA3000
Module End: 8AFC0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8AE01000
Module End: 8AE13000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8ABB8000
Module End: 8ABC8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8B5B5000
Module End: 8B5C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8B59D000
Module End: 8B5B5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 8AE70000
Module End: 8AE7F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 8B589000
Module End: 8B59D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 8B538000
Module End: 8B589000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Service Name: NVENETFD
Module Base: 8B437000
Module End: 8B538000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XV
Module Base: 8B77A000
Module End: 8B800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8B8C9000
Module End: 8C000000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8B6DD000
Module End: 8B77A000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8B42A000
Module End: 8B437000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8B6B2000
Module End: 8B6DD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8B672000
Module End: 8B6B2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8B41F000
Module End: 8B42A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8B408000
Module End: 8B41F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8B667000
Module End: 8B672000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8B644000
Module End: 8B667000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8AE7F000
Module End: 8AE8E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8B631000
Module End: 8B644000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8AE8E000
Module End: 8AE9D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8AA5D000
Module End: 8AA5F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8B89F000
Module End: 8B8C9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8B61A000
Module End: 8B624000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8B624000
Module End: 8B631000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8B611000
Module End: 8B61A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8C2FC000
Module End: 8C330000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dvd_2K.SYS
Service Name: dvd_2K
Module Base: 8AF90000
Module End: 8AF96000
Hidden: No

Module Name: C:\Windows\system32\drivers\CHDRT32.sys
Service Name: CnxtHdAudService
Module Base: 8C2C9000
Module End: 8C2FC000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8C29C000
Module End: 8C2C9000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8C277000
Module End: 8C29C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 8C23A000
Module End: 8C277000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8C46D000
Module End: 8C570000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8C74C000
Module End: 8C800000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8C330000
Module End: 8C33D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8ABE8000
Module End: 8ABF8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8B808000
Module End: 8B81F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8AA63000
Module End: 8AA65000
Hidden: No

Module Name: C:\Windows\System32\Drivers\BTHUSB.sys
Service Name: BTHUSB
Module Base: 8C21E000
Module End: 8C22A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\bthport.sys
Service Name: BTHPORT
Module Base: 8C692000
Module End: 8C6CC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\usbvideo.sys
Service Name: usbvideo
Module Base: 8C40C000
Module End: 8C42D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rfcomm.sys
Service Name: RFCOMM
Module Base: 8C20D000
Module End: 8C21E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BthEnum.sys
Service Name: BthEnum
Module Base: 8C203000
Module End: 8C20D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8AAA8000
Module End: 8AAAF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ATMhelpr.SYS
Service Name: ATMhelpr
Module Base: 8B606000
Module End: 8B607000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bthpan.sys
Service Name: BthPan
Module Base: 8C678000
Module End: 8C692000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8C400000
Module End: 8C40C000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8C657000
Module End: 8C678000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 88794000
Module End: 8879C000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 88774000
Module End: 8877C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\cdudf_xp.SYS
Service Name: cdudf_xp
Module Base: 8E3C0000
Module End: 8E400000
Hidden: No

Module Name: C:\Windows\System32\Drivers\DVDVRRdr_xp.SYS
Service Name: DVDVRRdr_xp
Module Base: 8C601000
Module End: 8C625000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8E355000
Module End: 8E363000
Hidden: No

Module Name: C:\Windows\System32\Drivers\UdfReadr_xp.SYS
Service Name: UdfReadr_xp
Module Base: 8E320000
Module End: 8E355000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8C582000
Module End: 8C58B000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8E239000
Module End: 8E30E000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8E220000
Module End: 8E239000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8E20B000
Module End: 8E220000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8E7CE000
Module End: 8E800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8E7BA000
Module End: 8E7CE000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8E773000
Module End: 8E7BA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8E75D000
Module End: 8E773000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8E74F000
Module End: 8E75D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\eabfiltr.sys
Service Name: eabfiltr
Module Base: 8AA5F000
Module End: 8AA61000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8E73C000
Module End: 8E74F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8E701000
Module End: 8E73C000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8E201000
Module End: 8E20B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8E6AA000
Module End: 8E6C1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8C33D000
Module End: 8C34A000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8AA2F000
Module End: 8AA3A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8C6D4000
Module End: 8C6DC000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8EEB0000
Module End: 8EEBA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8AE9D000
Module End: 8AEAC000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 984A5000
Module End: 984C0000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9A972000
Module End: 9AA00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 8AB08000
Module End: 8AB18000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9A947000
Module End: 9A972000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 8EF00000
Module End: 8EF0A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9A934000
Module End: 9A947000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9B09A000
Module End: 9B100000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9B07F000
Module End: 9B09A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9B066000
Module End: 9B07F000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9B046000
Module End: 9B066000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9B008000
Module End: 9B026000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 9D1C7000
Module End: 9D200000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9A823000
Module End: 9A835000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 9D1A3000
Module End: 9D1C7000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9D017000
Module End: 9D063000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: 9BDAC000
Module End: 9BDB0000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9BC22000
Module End: 9BD00000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 8EEEC000
Module End: 8EEF6000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 8EFEA000
Module End: 8EFF5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: 8C714000
Module End: 8C71C000
Hidden: No

Module Name: C:\Windows\system32\drivers\tdtcp.sys
Service Name: TDTCP
Module Base: 8EFF5000
Module End: 8F000000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\tssecsrv.sys
Service Name: tssecsrv
Module Base: 9B100000
Module End: 9B10C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: 9F352000
Module End: 9F380000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 996DF000
Module End: 996F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: 8C5EE000
Module End: 8C5F7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8AAA1000
Module End: 8AAA8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8E363000
Module End: 8E36E000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:58293
Remote Address: 192.168.0.1:RRAC
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: ESTABLISHED

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:58292
Remote Address: 74.126.6.130:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:58291
Remote Address: 172.16.1.1:3128
Type: TCP
Process: C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
State: SYN_SENT

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:ICSLAP
Remote Address: 192.168.0.1:1029
Type: TCP
Process: System
State: CLOSE_WAIT

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BOLTONS-PC:49176
Remote Address: LOCALHOST:49175
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: BOLTONS-PC:49175
Remote Address: LOCALHOST:49176
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: BOLTONS-PC:49174
Remote Address: LOCALHOST:49173
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: BOLTONS-PC:49173
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: BOLTONS-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: BOLTONS-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BOLTONS-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BOLTONS-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: BOLTONS-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BOLTONS-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: BOLTONS-PC:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BOLTONS-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:65143
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BOLTONS-PC.HSD1.WA.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BOLTONS-PC:65144
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:56675
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:53439
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:65140
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BOLTONS-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************


----------



## Cookiegal (Aug 27, 2003)

Please update MalwareBytes and run a full scan and post that log.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Your instructions received, read, and understood. 
Implemented instructions and received an error message to report to Malwarebytes - error code 732(12029,0)
I did not report this to Malwarebytes. See attached screenshot.
Logfile generated is pasted below.

Thanks more............Seasalt
===========================
[Malwarebytes logfile below]
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6000
Internet Explorer 7.0.6000.16890

12/3/2009 7:50:49 PM
mbam-log-2009-12-03 (19-50-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 290330
Time elapsed: 56 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

I believe that error means there was no Internet connection but the program did update so it must have connected at some point.

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Below is the pasted startuplist log.
Thanks as usual.............seasalt
================================
StartupList report, 12/6/2009, 7:20:07 PM
StartupList version: 1.52.2
Started from : C:\Users\Boltons\Documents\Computer Software Etc\Utilities\HijackTxhis.EXE
Detected: Windows Vista (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16890)
* Using default options
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Boltons\Documents\Computer Software Etc\Utilities\HijackTxhis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Apoint = C:\Program Files\Apoint2K\Apoint.exe
NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
MSConfig = "C:\Windows\system32\msconfig.exe" /auto
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ehTray.exe = C:\Windows\ehome\ehTray.exe
cdloader = "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Windows\system32\wshbth.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 4,187 bytes
Report generated in 0.125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

That's not the full list. Are you sure you put a check mark in the two boxes?


----------



## SeaSalt (Oct 12, 2009)

CookieGal,
UPDATE: I HAVE TO SEND THIS FILE IN 'TWO' PARTS BECAUSE MAX ALLOWED CHARACTERS EXCEEDED.
THIS IS PART ONE.....
I retraced my steps and noticed that a new HJT program to download was twice as big as the one I had on my hard drive.
So, I purged the old and downloaded a new (same version #) copy of HJT.
I ran it and did a screen capture (attached) showing the two boxes checked and the pop-up box after clicking on the "startuplist" button.
Below is pasted the log file generated after following your instructions again.

Hope I got it right this time. Please let me know.

Thanks..............SeaSalt
===========================================
[Pasted log file below]
StartupList report, 12/7/2009, 6:55:28 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16890)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Boltons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Apoint = C:\Program Files\Apoint2K\Apoint.exe
NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
MSConfig = "C:\Windows\system32\msconfig.exe" /auto
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ehTray.exe = C:\Windows\ehome\ehTray.exe
cdloader = "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{10880D85-AAD9-4558-ABDC-2AB1552D831F}] *
StubPath = "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry value not found*
.shb: *Registry value not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Java Plug-in 1.6.0_16]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

[Java Plug-in 1.6.0_16]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

[Java Plug-in 1.6.0_16]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_16.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

--------------------------------------------------
END OF PART ONE OF TWO PARTS


----------



## SeaSalt (Oct 12, 2009)

CookieGal,
SECOND UPDATE: APPARENTLY THIS SECOND HALF HAS EXCEEDED THE 30000 CHARACTER MAXIMUM. I'LL SEND THIS SECTION IN TWO REPLIES.
SORRY FOR ANY INCONVENIENCE I'M CAUSING...................SEASALT
Here is the second half of the reply to your last post.
I hope this is a workable task - dividing the logfile into two parts for replying.
Thanks.............SeaSalt
===========================================
[Part two of two parts total]
Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\System32\mswsock.dll
NameSpace #3: C:\Windows\System32\winrnr.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Windows\system32\wshbth.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\drivers\acpi.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (disabled)
adpu160m: \SystemRoot\system32\drivers\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (disabled)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ancilliary Function Driver for Winsock: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (disabled)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (disabled)
AMD K7 Processor Driver: \SystemRoot\system32\drivers\amdk7.sys (disabled)
AMD K8 Processor Driver: system32\DRIVERS\amdk8.sys (manual start)
Alps Pointing-device Filter Driver: system32\DRIVERS\Apfiltr.sys (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (disabled)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (disabled)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Broadcom Extensible 802.11 Network Adapter Driver: system32\DRIVERS\bcmwl6.sys (manual start)
Broadcom 802.11 Network Adapter Driver: system32\DRIVERS\bcmwl6.sys (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
blbdrive: \SystemRoot\system32\drivers\blbdrive.sys (disabled)
Bowser: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\brfiltlo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\brfiltup.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\system32\drivers\brserid.sys (disabled)
Brother WDM Serial driver: \SystemRoot\system32\drivers\brserwdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\system32\drivers\brusbmdm.sys (disabled)
Brother MFC USB Serial WDM Driver: \SystemRoot\system32\drivers\brusbser.sys (manual start)
Bluetooth Enumerator Service: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (disabled)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (disabled)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (disabled)
CyberLink Background Capture Service (CBCS): "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe" (autostart)
Common Log (CLFS): System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
CyberLink Task Scheduler (CTS): "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe" (autostart)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (disabled)
Conexant UAA Function Driver for High Definition Audio Service: system32\drivers\CHDRT32.sys (manual start)
Com4Qlb: "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: system32\drivers\crcdisk.sys (system)
Transmeta Crusoe Processor Driver: \SystemRoot\system32\drivers\crusoe.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Dfs Client Driver: System32\Drivers\dfsc.sys (system)
@dfsrres.dll,-101: %SystemRoot%\system32\DFSR.exe (manual start)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Disk Driver: system32\drivers\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Intel(R) PRO/1000 NDIS 6 Adapter Driver: system32\DRIVERS\E1G60I32.sys (manual start)
eabfiltr: system32\DRIVERS\eabfiltr.sys (system)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ReadyBoost Caching Driver: System32\drivers\ecache.sys (system)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
Windows Media Center Service Launcher: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (disabled)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
File Information FS MiniFilter: system32\drivers\fileinfo.sys (system)
FileTrace: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
HBtnKey: system32\DRIVERS\cpqbttn.sys (manual start)
Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\CHDART.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (disabled)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (disabled)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HP Health Check Service: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" (autostart)
HpCISSs: \SystemRoot\system32\drivers\hpcisss.sys (disabled)
hpqwmiex: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (autostart)
HSFHWAZL: system32\DRIVERS\VSTAZL3.SYS (manual start)
HSF_DPV: system32\DRIVERS\HSX_DPV.sys (manual start)
HSXHWAZL: system32\DRIVERS\HSXHWAZL.sys (manual start)
HTTP: system32\drivers\HTTP.sys (manual start)
i2omp: \SystemRoot\system32\drivers\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\igdkmd32.sys (manual start)
Intel RAID Controller Vista: \SystemRoot\system32\drivers\iastorv.sys (disabled)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (disabled)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
intelide: \SystemRoot\system32\drivers\intelide.sys (disabled)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (disabled)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IPMIDRV: \SystemRoot\system32\drivers\ipmidrv.sys (disabled)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IR Bus Enumerator: system32\drivers\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: \SystemRoot\system32\drivers\isapnp.sys (disabled)
iScsiPort Driver: system32\DRIVERS\msiscsi.sys (manual start)
ITEATAPI_Service_Install: \SystemRoot\system32\drivers\iteatapi.sys (disabled)
ITERAID_Service_Install: \SystemRoot\system32\drivers\iteraid.sys (disabled)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
KSecDD: System32\Drivers\ksecdd.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (disabled)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (disabled)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (disabled)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (disabled)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
megasas: \SystemRoot\system32\drivers\megasas.sys (disabled)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Modem: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
Mount Point Manager: System32\drivers\mountmgr.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (disabled)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
Windows Firewall: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)
Mraid35x: \SystemRoot\system32\drivers\mraid35x.sys (disabled)
WebDav Client Redirector Driver: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
SMB MiniRedirector Wrapper and Engine: system32\DRIVERS\mrxsmb.sys (manual start)
SMB 1.x MiniRedirector: system32\DRIVERS\mrxsmb10.sys (manual start)
SMB 2.0 MiniRedirector: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (disabled)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (disabled)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
ISA/EISA Class Driver: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Mup: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
NDIS System Driver: system32\drivers\ndis.sys (system)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NETBT: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (disabled)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NSI proxy service: system32\drivers\nsiproxy.sys (system)
N-trig HID Tablet Driver: \SystemRoot\system32\drivers\ntrigdigi.sys (disabled)
NVIDIA nForce Networking Controller Driver: system32\DRIVERS\nvmfdx32.sys (manual start)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (disabled)
nvsmu: system32\DRIVERS\nvsmu.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (disabled)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
RICOH OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)
Partition Manager: System32\drivers\partmgr.sys (system)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: system32\drivers\pciide.sys (system)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (disabled)
PEAUTH: system32\drivers\peauth.sys (autostart)


----------



## SeaSalt (Oct 12, 2009)

CookieGal,
As promised, here is the THIRD part of the two part reply to your post.
Again, I apologize for the SNAFU.
SeaSalt
===================================
[Third of the second two part.........]
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\p2psvc.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (disabled)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QLogic Fibre Channel Miniport Driver: \SystemRoot\system32\drivers\ql2300.sys (disabled)
QLogic iSCSI Miniport Driver: \SystemRoot\system32\drivers\ql40xx.sys (disabled)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Redirected Buffering Sub Sysytem: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: \SystemRoot\system32\drivers\rdpdr.sys (disabled)
RDP Encoder Mirror Driver: system32\drivers\rdpencdd.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
rimmptsk: system32\DRIVERS\rimmptsk.sys (autostart)
rimsptsk: system32\DRIVERS\rimsptsk.sys (autostart)
Ricoh xD-Picture Card Driver: system32\DRIVERS\rixdptsk.sys (autostart)
RoxMediaDB9: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" (manual start)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (disabled)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (disabled)
SBSD Security Center Service: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (autostart)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
SCSI Scanner Driver: system32\DRIVERS\scsiscan.sys (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial Port Driver: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (disabled)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: system32\DRIVERS\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: system32\DRIVERS\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\sisraid2.sys (disabled)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (disabled)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%SystemRoot%\system32\SLUINotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (system)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
srv: System32\DRIVERS\srv.sys (manual start)
srv2: System32\DRIVERS\srv2.sys (manual start)
srvnet: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
stllssvr: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symc8xx: \SystemRoot\system32\drivers\symc8xx.sys (disabled)
Sym_hi: \SystemRoot\system32\drivers\sym_hi.sys (disabled)
Sym_u3: \SystemRoot\system32\drivers\sym_u3.sys (disabled)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
SysProtDrv.sys: \??\C:\Users\Boltons\Desktop\SysProt\SysProt\SysProtDrv.sys (manual start)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
Terminal Services Security Filter Driver: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Microsoft IPv6 Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (disabled)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
uliahci: \SystemRoot\system32\drivers\uliahci.sys (disabled)
UlSata: \SystemRoot\system32\drivers\ulsata.sys (disabled)
ulsata2: \SystemRoot\system32\drivers\ulsata2.sys (disabled)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (disabled)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (disabled)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (disabled)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (disabled)
viaide: \SystemRoot\system32\drivers\viaide.sys (disabled)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
Dynamic Volume Manager: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (disabled)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (disabled)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Remote Access IPv6 ARP Driver: system32\DRIVERS\wanarp.sys (system)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Microsoft Watchdog Timer Driver: system32\drivers\wd.sys (system)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k wdisvc (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Error Reporting Service: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
winachsf: system32\DRIVERS\HSX_CNXT.sys (manual start)
Windows Defender: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" (manual start)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (disabled)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Winsock IFS driver: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
Windows Update: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
XAudio: system32\DRIVERS\xaudio.sys (autostart)
XAudioService: %SystemRoot%\system32\DRIVERS\xaudio.exe (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 48,162 bytes
Report generated in 0.093 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I just wanted to confirm that you received both halves of the reply to your post. 
Note that the second half was still too big and I had to divide it into two parts. 
So, you should get a total of THREE replies to your post. One is 1/2 of the logfile; the second is 1/4th of the logfile and the last reply is the final 1/4 of the log file.

As I checked back after my serial post replies, I only saw the first half reply.

Let me know if the remaining two quarters went astray. I'll re-reply with them.

Thanks.........SeaSalt


----------



## Cookiegal (Aug 27, 2003)

OK, I got dizzy looking at that list of services. 

I don't see anything there.

I hate to ask you again but I'd like a short summary of just what problems you are still having. Last time you gave me a run down of what problems existed and were fixed and I find it difficult to sift out what problems we're actually trying to fix at this point. So please, just a short description of each problem that you're having so we can address those issues.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

As I read your last post (#64), I realized I'd kind of lost sight of what brought me to TSG.
I went back to my #1 post for help and remembered. 
I could not UPDATE either AVG or ZoneAlarm. Also, I had to alter the name of HJT to run it because something was blocking it. Also, I could not register MAGICJACK because the server access was denied. I've since registered MJ on my desktop and it now works on my laptop, too.
Well, I can run HJT with no problem because I just did it. However, I have purged AVG and ZoneAlarm from my laptop and, therefore, don't know if that problem still exists. I'd like to think that updating problems are now a thing of the past because of all that you've walked me through.
I have been concerned about the time I've spent online WITHOUT any anti-virus protection and no firewall.
If all looks good to you, I'd like to reload AVG and ZoneAlarm. However, I ask you: what do you recommend for anti-virus protection and for a firewall?
I would like to hear your recommendations, thoughts, caveats.

I don't think I adequately answered your questions for an update of my problems or even a recap.

What do things look like from your side of the fence - based on the initial problems I started with, as described above?

I'm O.K. if you're O.K. with how far we've come.

Please let me know!

Yours humbly..............SeaSalt...OBTW.... Happy Holidays


----------



## Cookiegal (Aug 27, 2003)

Of the free anti-virus programs I would recommend Avast or Avira Antivir but the best are the paid ones such as Kaspersky (the suite which includes a firewall) and Eset Smart Security (also a suite).

Please go ahead and install the anti-virus program (hold off on Zone Alarm for now) and let me know if you can install and update the program.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Happy Holidays.
I reloaded AVG version 9.0 and tried to update it. There was a problem and it did not go thru. I captured the screen message and am attaching it so you can see the problem.
As for the initial problem with "High Jack This (HJT)"; i.e., not being able to launch because it was blocked. Well, there was a problem - INITIALLY! It would not go thru. But there was a logfile generated. I closed all files and tried re-launching HJT. This time it ran thru all without any delays, flags, or warning dialog boxes. A logfile was generated. I will be including (pasting) the logfile within this email.
I did not reload ZONEALARM as per your preference.
What do you make of the logfile and/or the attached screen capture?
Looking forward to hearing from you.............Thanks in advance, again

SeaSalt
OBTW: I have had problems for several weeks where I cannot attach files (photos or text) to my Yahoo.com email; do you have any knowledge or information about this problem? Just thought I'd ask, in case you have come across this; I found this problem in a Yahoo Forum - dated back to 2005, but no solution posting found.

===================================
[pasted HJT logfile]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:11 AM, on 12/15/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: akamai.avg.com
O15 - Trusted Zone: update.avg.com
O15 - Trusted Zone: akamai.avg.cz
O15 - Trusted Zone: backup.avg.cz
O15 - Trusted Zone: download.avg.cz
O15 - Trusted Zone: files2.avg.cz
O15 - Trusted Zone: akamai.avg.com.edgesuite.net
O15 - Trusted Zone: akamai.avg.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.cz.edgesuite.net
O15 - Trusted Zone: akamai.grisoft.com
O15 - Trusted Zone: update.grisoft.com
O15 - Trusted Zone: akamai.grisoft.cz
O15 - Trusted Zone: backup.grisoft.cz
O15 - Trusted Zone: download.grisoft.cz
O15 - Trusted Zone: files2.grisoft.cz
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6149 bytes
[end of pasted logfile]
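Cookiegal reads these logs by section code (R1, O1, O15, O20, O23 and so on). The following is an added Python example, not code from HijackThis or from anyone in this thread: it parses a handful of lines copied from the log above and flags the kinds of entries a reviewer checks first. The triage rules and their notes are the editor's own, not an HJT feature, and the sample text is a constructed excerpt.

```python
"""Section-code triage for a HijackThis (HJT) 2.0.2 log (added example).

HJT prints one finding per line as "<code> - <description>", where the
code (R0/R1, O1, O2, O4, O15, O20, O23, ...) identifies the part of the
system the entry came from.  parse_hjt() turns the text into Finding
records; triage() annotates the entries a reviewer looks at more closely.
The rules below are the editor's reading of the thread, not HJT's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: update.avg.com
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6149 bytes
"""

# An HJT entry line: a section code, " - ", then the description.
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Hosts-file lines HJT shows that are simply the loopback defaults.
DEFAULT_HOSTS = {"::1 localhost", "127.0.0.1 localhost"}


@dataclass
class Finding:
    code: str
    body: str
    note: str = ""


def parse_hjt(text: str) -> list[Finding]:
    """Return one Finding per HJT entry line; header and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            findings.append(Finding(m["code"], m["body"]))
    return findings


def triage(findings: list[Finding]) -> list[Finding]:
    """Annotate the entries a log reviewer would want to look at first."""
    flagged = []
    for f in findings:
        note = ""
        if f.code == "R1" and "ProxyServer" in f.body:
            # A fixed proxy applies to IE and to programs that use the IE proxy
            # settings; if the proxy is not real or not reachable, those
            # programs cannot reach their servers.
            proxy = f.body.split("=", 1)[1].strip()
            note = f"IE proxy forced to {proxy}; confirm this proxy exists and is reachable"
        elif f.code == "O1":
            # Only hosts-file overrides beyond the loopback defaults matter.
            entry = f.body.split(":", 1)[1].strip()
            if entry not in DEFAULT_HOSTS:
                note = f"hosts file overrides name resolution: {entry}"
        elif f.code == "O15":
            note = "site added to the IE Trusted Zone, which relaxes security settings for it"
        elif f.code == "O20":
            note = "AppInit_DLLs loads this DLL into every process that uses user32.dll"
        elif f.code == "O23" and f.body.endswith("(file missing)"):
            note = "service is registered but its binary is gone (uninstall leftover or removed file)"
        if note:
            flagged.append(Finding(f.code, f.body, note))
    return flagged


def section_counts(findings: list[Finding]) -> dict[str, int]:
    """Count entries per section code, for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for f in triage(parsed):
        print(f"{f.code}: {f.note}\n    {f.body}")
```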


----------



## Cookiegal (Aug 27, 2003)

*HostsXpert*.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


----------



## SeaSalt (Oct 12, 2009)

Hi CookieGal,

I guess I need to monitor TSG more because of the busy holiday season. I never received an email about your post #68.
I ran your instructions without good results.
I had to avoid the previous "hostsxpert" program when I opened "4.3" into a new folder. I got around that and continued.
When I ran [as administrator] HostsXpert 4.3 from the folder I chose, it opened in "File Handling". I clicked on "Restore MS Hosts File". The CONFIRM box popped up and I clicked on OK.
An ERROR box popped up.
I captured the screen in MS Paint and am attaching it. I usually crop the left edge and top of my screen captures to make sure the desired area is in view. I did not do it this time because it appeared you'd have no difficulty reading the error pop-up box. If that is not the case, let me know, please.
I never got to the next step (Make Read Only).
In your instructions, the last step Note is something I'm unfamiliar with. I.e., I do not know if there is a "custom hosts file" in use.
As always, I await your next guidance.
Seasalt


----------



## Cookiegal (Aug 27, 2003)

It seems we are getting nowhere. Have you considered doing a reformat and starting over?


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I'm kind of puzzled.
I don't have a feel for what has been accomplished in all the exchanges we've had.
I'm guessing there have been some real problems that have been addressed / solved. Has that "not" been the case? I'm the amateur in this operation. 
Also, have we made "any" improvements from the starting conditions I had?
Because I'm not able to complete some of the instructions you've presented, I know a problem or two still exists. However, I've continued to use my laptop throughout our cleansing sessions and there are only a few operations that present problems (e.g., can't attach anything to any Yahoo.com email). Otherwise, things don't seem to be too unusual. Have you been able to narrow down the "area" within my laptop where the abnormality might reside? Also, I'm still operating without a firewall at the moment.
There have been times when I've felt that a "setting" or two within the software on my laptop was incorrect. However, I feel you would have sniffed that out by now if it was that easy to find.
What are your current thoughts about my situation? Do you have any gut feelings about it?

Your suggestion to reformat sounds pretty heavy. Does that mean I'll lose everything I don't back up, including some of the programs? I'm not quite sure what all is involved in reformatting! Is there another level of help/support you can consult with for whatever my issues are? I'm just scratching around for suggestions!


Seasalt (is there anymore I can do on my end to help you help me?)


----------



## Cookiegal (Aug 27, 2003)

That's what I mean. We haven't accomplished anything. I suspect a rootkit may be involved but can't tell for sure at this point. Since we are having so much difficulty, a reformat might be the best way to go. But yes, it will mean that you will lose anything that's not backed up and you will have to reinstall all updates and programs. We can try a few more things and see if anything turns up.

Download to Desktop: DDS by sUBs from one of these locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click DDS.scr to run.

When complete, DDS.txt will open.

Click Yes for Optional Scan.
Save both reports to your desktop.
DDS.txt
Attach.txt

Please post the DDS.txt report in the reply itself and upload the Attach.txt log as an attachment please.


----------



## SeaSalt (Oct 12, 2009)

Cookiegal,

In running the instructions you gave, I did not see the opportunity to "Click Yes For Optional Scan". Do you know if that is O.K.? Also, to be sure, I ran the DDS program twice. The Attached file was larger the second time around. So I've included it for your analysis.
Below please find the DDS text file and the attach text file is attached.
Happy Holidays...............seasalt
=================================================
[Start Paste of dds]

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Boltons at 16:17:26.20 on Tue 12/22/2009
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.1982.1003 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Boltons\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 172.16.1.1:3128
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [cdloader] "c:\users\boltons\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: akamai.net
Trusted Zone: avg.com\akamai
Trusted Zone: avg.com\update
Trusted Zone: avg.cz\akamai
Trusted Zone: avg.cz\backup
Trusted Zone: avg.cz\download
Trusted Zone: avg.cz\files2
Trusted Zone: edgesuite.net\akamai.avg.com
Trusted Zone: edgesuite.net\akamai.avg.cz
Trusted Zone: edgesuite.net\akamai.grisoft.com
Trusted Zone: edgesuite.net\akamai.grisoft.cz
Trusted Zone: grisoft.com\akamai
Trusted Zone: grisoft.com\update
Trusted Zone: grisoft.cz\akamai
Trusted Zone: grisoft.cz\backup
Trusted Zone: grisoft.cz\download
Trusted Zone: grisoft.cz\files2
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\boltons\appdata\roaming\mozilla\firefox\profiles\2omo30gc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - 172.16.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.16.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.16.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.16.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.16.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2008-9-28 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-15 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-15 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-15 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-15 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-9-23 809296]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-11-2 14336]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\boltons\desktop\sysprot\sysprot\SysProtDrv.sys [2009-11-23 44288]

=============== Created Last 30 ================

2009-12-19 14:29 --d----- c:\program files\HostsXpert4.3
2009-12-19 14:26 --d----- c:\program files\New Folder
2009-12-15 08:50 --d-h--- C:\$AVG
2009-12-15 08:49 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-12-15 08:49 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-12-15 08:49 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-12-15 08:49 --d----- c:\windows\system32\drivers\Avg
2009-12-15 08:49 --d----- c:\program files\AVG
2009-12-15 08:49 --d----- c:\programdata\avg9
2009-12-15 08:49 --d----- c:\progra~2\avg9
2009-12-07 18:43 --d----- c:\program files\Trend Micro
2009-11-27 22:22 --d----- c:\users\boltons\appdata\roaming\WildTangent

==================== Find3M ====================

2009-12-22 13:26 54,503 a------- c:\users\boltons\appdata\roaming\nvModes.dat
2009-12-03 16:14 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-13 22:47 260,608 a------- c:\windows\PEV.exe
2009-10-31 10:27 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-25 03:11 77,312 a------- c:\windows\MBR.exe
2009-10-24 21:44 86,016 a------- c:\windows\inf\infstrng.dat
2009-10-24 21:44 86,016 a------- c:\windows\inf\infstor.dat
2009-10-24 21:44 51,200 a------- c:\windows\inf\infpub.dat
2009-05-17 07:37 174 a--sh--- c:\program files\desktop.ini
2008-10-02 03:15 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-08 08:06 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-08 08:06 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-08 08:06 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-03-06 00:37 397,312 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe

============= FINISH: 16:18:12.47 ===============
[end of paste]

All the best for the holidays................SeaSalt
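Three items in the DDS report above bear directly on the "cannot reach the update servers" symptom: the AV/SP/FW product lines (DDS takes these from the WMI SecurityCenter data rather than from the registry, as far as I know, so a registry-only search for those product GUIDs coming back empty is the expected result, not evidence that they are gone), the WinINet proxy 172.16.1.1:3128 that Internet Explorer and most Windows updaters route through, and the matching Firefox network.proxy.* prefs. The script below is an added example and is not part of the thread or of the DDS tool. It parses a constructed sample made of lines copied from the report and prints the findings a helper would act on; it also handles the per-protocol "http=host:port;..." ProxyServer form, which the report itself does not show, and the proxy host and port are only inspected, never contacted.

```python
"""Triage a DDS (sUBs) text report for the settings behind "cannot reach the
update servers": disabled or stale security products, the WinINet proxy,
Firefox proxy prefs, AppInit_DLLs and Trusted Zone entries.

Added example, not the thread's own tooling. The sample below is a handful of
lines copied from the DDS report in the thread, not a complete log."""
import ipaddress
import re

# Constructed sample: representative lines from the DDS "Pseudo HJT Report".
SAMPLE_DDS = """\
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
uInternet Settings,ProxyServer = 172.16.1.1:3128
uInternet Settings,ProxyOverride = <local>
Trusted Zone: avg.com\\update
Trusted Zone: magicjack.com\\my
FF - prefs.js: network.proxy.http - 172.16.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
AppInit_DLLs: avgrsstx.dll
"""

# "FW: name *state* {guid}" has no (Updated|Outdated) part, so that group is optional.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<status>Updated|Outdated)\))? \{(?P<guid>[0-9A-Fa-f-]+)\}$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<proxy>\S+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: (?P<pref>network\.proxy\.\S+) - (?P<value>\S+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<zone>\S+)$")

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_MODES = {"0": "direct", "1": "manual", "2": "PAC script",
                  "4": "auto-detect (WPAD)", "5": "system settings"}


def parse_dds(text):
    """Pull the security-relevant settings out of DDS output into a dict."""
    report = {"products": [], "proxy": None, "ff_proxy": {}, "appinit": [], "trusted": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := PRODUCT_RE.match(line):
            report["products"].append(m.groupdict())
        elif m := PROXY_RE.match(line):
            report["proxy"] = m["proxy"]
        elif m := FF_PROXY_RE.match(line):
            report["ff_proxy"][m["pref"]] = m["value"]
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is a comma/space separated list of DLL names.
            report["appinit"].extend(d for d in re.split(r"[,\s]+", m["dlls"]) if d)
        elif m := TRUSTED_RE.match(line):
            report["trusted"].append(m["zone"])
    return report


def _is_private(host):
    """True for RFC 1918 / loopback literals; False for hostnames and public IPs."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname rather than a literal address
        return False


def triage(report):
    """Turn the parsed settings into a list of findings worth acting on."""
    findings = []
    for p in report["products"]:
        if p["state"] == "disabled":
            findings.append(f'{p["kind"]} {p["name"]}: disabled')
        elif p["status"] == "Outdated":
            findings.append(f'{p["kind"]} {p["name"]}: enabled but outdated')
    if report["proxy"]:
        # ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
        for entry in report["proxy"].split(";"):
            hostport = entry.split("=", 1)[-1]
            host, sep, port = hostport.rpartition(":")
            if not sep:
                host, port = hostport, "?"
            where = "private address" if _is_private(host) else "public address"
            findings.append(f"WinINet proxy {host}:{port} ({where}); IE and most updaters route through it")
    mode = report["ff_proxy"].get("network.proxy.type")
    if mode is not None:
        manual = {k: v for k, v in report["ff_proxy"].items() if k != "network.proxy.type"}
        desc = FF_PROXY_MODES.get(mode, "unknown")
        if mode == "1":
            findings.append(f"Firefox manual proxy in effect: {manual}")
        elif manual:
            findings.append(f"Firefox proxy mode {mode} ({desc}); stored manual proxy entries are not in effect")
    for dll in report["appinit"]:
        findings.append(f"AppInit_DLLs loads {dll} into every process that maps user32.dll; verify its publisher")
    if report["trusted"]:
        findings.append(f"{len(report['trusted'])} Trusted Zone entries: " + ", ".join(report["trusted"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_DDS)):
        print("-", finding)
```

Run against a full DDS.txt by replacing `SAMPLE_DDS` with the file contents. Two points from the output matter for this thread: a private proxy address on Squid's default port can be a legitimate home gateway or an injected setting that silently swallows traffic to the AV vendors, so the next check is whether anything actually answers at 172.16.1.1:3128; and Firefox in mode 4 is not using those stored manual entries at all, it is asking the LAN for a WPAD script, which is itself spoofable on an untrusted network.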


----------



## Cookiegal (Aug 27, 2003)

I'm getting a little confused. You are using AVG as your anti-virus, correct? Did you have Norton Internet Security before that? The DDS log doesn't show AVG installed but it does show NIS. 

Please go to Control Panel - Add/Remove programs and uninstall this very old version of Java:

*Java 2 Runtime Environment, SE v1.4.1_02*

Also, do you know your way around the registry at all?


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Happy Day After Christmas (Boxer Day),

Yes, I use AVG for anti-virus. I think the Norton product was part of the original "bloatware" that came when I purchased my laptop way back when. Several computers ago, I had a bad experience with Norton and have not used it since. I don't believe I tried the product, so I'm guessing the NIS is something that was pre-installed. 
And, YES, I am using AVG now and have been since you allowed me to re-install it (but not ZoneAlarm). I have the AVG icon in my system tray and a desktop shortcut, too. So, I would have expected something to show up in the DDS log. I do have it setup for MANUAL updates, though. See attached MS PAINT screen capture.

There is another problem. I tried to uninstall the old version of Java and discovered there was no "Add/Remove Programs" in my list of Control Panel icons (Classic View - which is all I've ever used). I changed my "view" from icons to detail list and nothing found. I don't believe I've accidentally deleted it (I can't think of an occasion when I'd even be close to selecting the file/program/whatever and thinking about pressing the DELETE button). Since I'm the only one on this end, I feel something I did caused it, though! I've thought about using System Restore but am waiting until I consult with you.

*As for the registry, *I'm familiar with it and have seen it. However, everything I've read says only the experienced or Advanced users should venture into it for any editing. 
I can follow directions, though. However, because of my missing "add/remove programs" file, I wouldn't blame you for feeling my credibility is at a low point now.
In a nutshell, if your instructions were detailed enough, I'd have no problem following them. Or, I'd make the conservative decision to stop and go back to you for more guidance.

Your discoveries have given me hope (again) that we/you may be on to something.

Look forward to hearing back from you - as usual!!!

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

I'm sorry about the confusion regarding NIS. I was reading another person's log by mistake. 

Go to *Start *- *Run *- type *CMD *and click *OK *to open a command prompt (black DOS type screen).

At the prompt type the following exactly as written (be sure to include the space):

*REGSVR32 APPWIZ.CPL*

Then reboot the machine and let me know if you can see Add/Remove programs now in the Control Panel.

Also, please do the following:

Download the Registry Search Tool By Bobbi Flekman from the following link to your desktop:

http://www.bleepingcomputer.com/files/regsearch.php

Unzip it and double click on the RegSearch.exe to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box and then click OK:

F245A209-1085-48B4-B927-35D56015EC60

Copy and paste the results here please.

Do the same thing again using this search input:

829BDA32-94B3-44F4-8446-F8FCFF809F8B

Copy and paste the results here as well please.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Ran your instructions and could not re-establish "Add/Remove program" to my Laptop.
Was able to download regsearch and launch it - TWICE!
The first time, I entered the string:
F245A209-1085-48B4-B927-35D56015EC60
The resultant Notepad is:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 12/29/2009 12:38:58 AM for strings:
; 'f245a209-1085-48b4-b927-35d56015ec60'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS 


; End Of The Log...
==============================

The second time, I entered the string:
829BDA32-94B3-44F4-8446-F8FCFF809F8B
The resultant Notepad is:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 12/29/2009 1:37:41 AM for strings:
; '829bda32-94b3-44f4-8446-f8fcff809f8b'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS 


; End Of The Log...
===================================

So, the two notepad files are included and the one screen capture showing the message from the attempt to re-establish Add/Remove Programs.

Look forward to hearing from you soon.


Moses went away again for more help .....

Hez


----------



## Cookiegal (Aug 27, 2003)

There is some white space in the list so I can't see if you have something called Programs and Features? That's what it's called in Vista.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

First of all, HAPPY NEW YEAR!!!! Ella and I hope all is well for you and yours!

In your response, I'm not clear to which you're referring when you say "white space in the list". I changed to the Category View for the Control Panel and captured the screen. There is no "programs and features" listing.
As usual, I've attached an MS Paint file with the screen capture pasted in it to show what the control panel categories are.
Were the results of the two "Registry Search Tool" searches properly listed in what I pasted in my last response/posting?
Looking forward to hearing from you in 2010 for guidance.

SeaSalt


----------



## Cookiegal (Aug 27, 2003)

That one is not the same as the previous one you posted. If you look at the earlier one, there is a white block of space in the list so you can't see what's underneath.

But in the second one, I see Programs - Uninstall a Program listed there.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Happy 2010!!!!

My unfamiliarity with the Vista version of Add/Remove Pgms is the problem I had.

I found the uninstall program for Vista's control panel and in the listing, I only saw a newer version of Java (Java(TM) 6 Update 16).
There was no Java2 Runtime Environment, SE v1.4.1_02 shown.
I've captured the "uninstall or change a program" screen in control panel and attached it as my usual MS Paint jpeg file.
Do you see anything I may have missed? I hope so.

Awaiting your next communique.

Seasalt


----------



## Cookiegal (Aug 27, 2003)

OK, let's try ComboFix again. Drag and drop the program to the recycle bin and download the latest version.

Please visit *Combofix Guide & Instructions * for instructions for downloading and running ComboFix.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I've been wondering if I should run ComboFix with or without the rename of Puppy.

Please let me know if the renaming is no longer desired.

If that is the case, I'll run it as originally named (combofix).

I've already downloaded the latest (after deleting the first one we d/l'ed in October).

Thanks in advance..............SeaSalt ... waiting to hit the ground running......!


----------



## Cookiegal (Aug 27, 2003)

Let's try it without renaming this time.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

I printed out the instructions for ComboFix and, in running the program, ran into the same AVG and ZoneAlarm issues/warnings.

Should I go thru the removal process we used in the past for AVG? Also, I have not re-installed ZONEALARM so I don't know the issue in the warning for that. 

I did a screen capture for both warnings and have attached them.
I terminated the running of ComboFix after the second warning.

Where do I go from here?

Thanks for your patience for this ........

Seasalt


----------



## Cookiegal (Aug 27, 2003)

Download this ZoneAlarm removal tool and save it to your desktop.

http://download.zonealarm.com/bin/free/support/cpes_clean.exe

Boot to safe mode and run the tool as well as the AVG removal tool you already have.

Reboot back to windows normally and then try ComboFix again.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

THIS POST WAS TOO LONG (60171 CHARACTERS)! I WILL DIVIDE IT INTO TWO POSTS.

I was able to run the removal tool for ZoneAlarm without any apparent problems, but not AVG.
However, when I later ran ComboFix, the exact same message about detecting AVG AND ZONEALARM came up.
When I tried to run the removal tool (cpes_clean) for AVG, I got the following:
"This application has failed to start because VSUTIL.dll was not found. Re-installing the application may fix this problem." I CLICKED OK.

Next message popped up immediately:
"A restart is required to complete the removal of Endpoint Security." I clicked OK.
See the attached MS Paint file of screenshots.

Below I am attaching the logfile generated when I ran the (OTS) ZoneAlarm removal tool. All appeared to run O.K.

Where do I go next? Thank you for your sticking in there/here with me!

Seasalt

====================

```
OTS logfile created on: 11/1/2009 11:52:13 PM - Run 1
OTS by OldTimer - Version 3.1.2.1     Folder = C:\Users\Boltons\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.42% Memory free
4.00 Gb Paging File | 3.44 Gb Available in Paging File | 86.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.82 Gb Total Space | 95.80 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.08 Gb Free Space | 10.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOLTONS-PC
Current User Name: Boltons
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2009/05/17 10:09:56 | 02,923,520 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\Windows\System32\wbem\WmiPrvSE.exe -> [2009/05/17 10:08:30 | 00,247,296 | ---- | M] (Microsoft Corporation)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2008/07/07 11:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2007/07/08 12:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
clsched.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 21:23:00 | 00,106,593 | ---- | M] ()
clcapsvc.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 21:22:58 | 00,266,339 | ---- | M] ()
hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe -> [2007/05/16 12:43:06 | 00,677,432 | R--- | M] ()
hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> [2007/05/16 09:49:12 | 00,061,440 | ---- | M] (Hewlett-Packard)
hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007/05/11 15:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.)
apmsgfwd.exe -> C:\Program Files\Apoint2K\ApMsgFwd.exe -> [2007/01/28 23:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
wifimsg.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> [2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.)
xaudio.exe -> C:\Windows\System32\drivers\XAudio.exe -> [2006/11/27 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2006/11/02 07:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation)
apntex.exe -> C:\Program Files\Apoint2K\ApntEx.exe -> [2006/09/07 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)

[Win32 Services - Safe List]
(stllssvr) [On_Demand | Stopped] ->  -> File not found
(NMIndexingService) [Disabled | Stopped] ->  -> File not found
(NetTcpPortSharing) [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/05/17 07:55:33 | 00,132,096 | ---- | M] (Microsoft Corporation)
(idsvc) [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/05/17 07:55:23 | 00,881,664 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/05/17 07:55:09 | 00,046,104 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/05/17 03:15:11 | 00,069,632 | ---- | M] (Microsoft Corporation)
(odserv) [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 03:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2008/07/07 11:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
(Adobe LM Service) [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/01/23 17:55:39 | 00,072,704 | ---- | M] (Adobe Systems)
(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2007/07/25 06:44:06 | 00,265,912 | ---- | M] (Microsoft Corporation)
(CLSched) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 21:23:00 | 00,106,593 | ---- | M] ()
(CLCapSvc) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 21:22:58 | 00,266,339 | ---- | M] ()
(HP Health Check Service) [Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2007/05/16 09:49:12 | 00,061,440 | ---- | M] (Hewlett-Packard)
(LightScribeService) [Disabled | Stopped] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/04/19 15:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company)
(RoxMediaDB9) [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/02/12 11:36:58 | 00,880,640 | ---- | M] (Sonic Solutions)
(Com4Qlb) [On_Demand | Stopped] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> [2007/01/09 16:55:34 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(XAudioService) [Auto | Running] -> C:\Windows\System32\drivers\XAudio.exe -> [2006/11/27 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(WMPNetworkSvc) [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation)
(ehSched) [On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) [On_Demand | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(ehRecvr) [On_Demand | Stopped] -> C:\Windows\ehome\ehrecvr.exe -> [2006/11/02 07:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation)
(ose) [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(hpqwmiex) [Auto | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IDriverT) [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)

[Driver Services - Safe List]
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2008/03/03 13:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Apfiltr.sys -> [2007/07/07 00:58:56 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/06/19 16:21:00 | 07,563,744 | ---- | M] (NVIDIA Corporation)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\CHDART.sys -> [2007/04/29 23:59:30 | 00,160,768 | ---- | M] (Conexant Systems Inc.)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/03/21 02:02:04 | 00,037,376 | ---- | M] (REDC)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvmfdx32.sys -> [2007/03/06 08:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/02/23 18:42:22 | 00,039,936 | ---- | M] (REDC)
(nvsmu) nvsmu [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvsmu.sys -> [2007/02/16 03:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2007/02/02 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/01/22 20:40:20 | 00,042,496 | ---- | M] (REDC)
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation)
(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2006/12/06 18:05:58 | 00,985,600 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWAZL.sys -> [2006/12/06 18:04:36 | 00,207,360 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2006/12/06 18:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.)
(eabfiltr) eabfiltr [Kernel | System | Running] -> C:\Windows\System32\drivers\eabfiltr.sys -> [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2006/11/27 19:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.)
(scsiscan) SCSI Scanner Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\scsiscan.sys -> [2006/11/02 04:14:17 | 00,014,336 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2006/11/02 03:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e100b325.sys -> [2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation)
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CPQBttn.sys -> [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\mdmxsdk.sys -> [2006/06/18 17:26:58 | 00,012,672 | ---- | M] (Conexant)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\Windows\System32\drivers\Cdudf_xp.sys -> [2003/12/01 16:46:22 | 00,259,200 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\Windows\System32\drivers\UdfReadr_xp.sys -> [2003/12/01 16:46:22 | 00,213,120 | ---- | M] (Roxio)
(DVDVRRdr_xp) DVDVRRdr_xp [File_System | System | Running] -> C:\Windows\System32\drivers\DVDVRRdr_xp.sys -> [2003/12/01 16:46:22 | 00,146,560 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\Windows\System32\drivers\pwd_2K.sys -> [2003/12/01 16:46:22 | 00,118,409 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\Mmc_2k.sys -> [2003/12/01 16:46:22 | 00,022,745 | ---- | M] (Roxio)
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Dvd_2k.sys -> [2003/12/01 16:46:22 | 00,021,993 | ---- | M] (Roxio)
(ATMhelpr) ATMhelpr [Kernel | System | Running] -> C:\Windows\System32\drivers\ATMHELPR.SYS -> [1997/06/17 06:00:00 | 00,004,064 | ---- | M] (Adobe Systems Incorporated)

[Modules - Safe List]
ots.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> 
HKEY_CURRENT_USER\: "ProxyServer" -> 172.16.1.1:3128 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Boltons\AppData\Roaming\Mozilla\FireFox\Profiles\2omo30gc.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.search.update -> false ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/|http://www.yahoo.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1 ->
network.proxy.backup.ftp -> "" ->
network.proxy.backup.ftp_port -> 0 ->
network.proxy.backup.gopher -> "" ->
network.proxy.backup.gopher_port -> 0 ->
network.proxy.backup.socks -> "" ->
network.proxy.backup.socks_port -> 0 ->
network.proxy.backup.ssl -> "" ->
network.proxy.backup.ssl_port -> 0 ->
network.proxy.ftp -> "172.16.1.1" ->
network.proxy.ftp_port -> 3128 ->
network.proxy.gopher -> "172.16.1.1" ->
network.proxy.gopher_port -> 3128 ->
network.proxy.http -> "172.16.1.1" ->
network.proxy.http_port -> 3128 ->
network.proxy.share_proxy_settings -> true ->
network.proxy.socks -> "172.16.1.1" ->
network.proxy.socks_port -> 3128 ->
network.proxy.ssl -> "172.16.1.1" ->
network.proxy.ssl_port -> 3128 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/31 13:28:05 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Extensions -> [2008/09/05 13:34:33 | 00,000,000 | ---D | M]
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/09/05 13:34:33 | 00,000,000 | ---D | M]
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions -> [2009/10/31 17:31:17 | 00,000,000 | ---D | M]
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/16 03:28:49 | 00,000,000 | ---D | M]
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/01/08 02:10:23 | 00,000,000 | ---D | M]
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/07/30 22:36:06 | 00,000,000 | ---D | M]
  -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/04/16 15:24:00 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 aboutcom.xml -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\searchplugins\aboutcom.xml -> [2008/03/06 02:40:49 | 00,005,322 | ---- | M] ()
 wikipedia-english.xml -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\searchplugins\wikipedia-english.xml -> [2008/03/06 02:40:35 | 00,005,325 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/10/31 13:28:34 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/01/06 12:59:30 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/10/31 13:28:34 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
< FireFox Components [Program Folders] > -> 
 browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2008/09/05 13:31:39 | 00,023,040 | ---- | M] (Mozilla Foundation)
 brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2008/09/05 13:31:39 | 00,134,144 | ---- | M] (Mozilla Foundation)
< HOSTS File > (288570 bytes and 9988 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
::1             localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.100888290cs.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    www.10sek.com
127.0.0.1    10sek.com
127.0.0.1    www.123topsearch.com
127.0.0.1    123topsearch.com
127.0.0.1    www.132.com
127.0.0.1    132.com
127.0.0.1    www.136136.net
127.0.0.1    136136.net
Continued in second post.....................SeaSalt
===========================
End of my pasted logfile
```
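The settings in the first post that bear most directly on the thread's question (update servers unreachable, magicJack registration failing) are the proxy entries: HKCU ProxyEnable=1 with ProxyServer=172.16.1.1:3128 sends every WinINET client (Internet Explorer and any updater that honours the system proxy) through port 3128, Squid's default, on a private LAN address; if nothing listens there, those connections fail while the machine otherwise looks online. Firefox's prefs.js carries the same 172.16.1.1:3128 in its manual entries, but network.proxy.type is 4, which is auto-detect (WPAD), so in Firefox the manual values are stored but not active. The script below is an added example, not part of SeaSalt's post and not OTS code: it parses those log lines (copied from the post into a constructed excerpt), decodes the Firefox proxy mode, and checks the hosts entries against a list of vendor domains for redirections that would block updates. The vendor list is an assumption; the AVG/Grisoft and magicJack names are taken from the log's Trusted Sites section, the ZoneAlarm names are added.

```python
import ipaddress
import re

# Constructed excerpt: the proxy and hosts lines copied from the OTS log in the
# post above (values are exactly what the log shows; the real hosts file has
# 9988 lines, only the first few are reproduced here).
OTS_EXCERPT = r"""
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> 172.16.1.1:3128 ->
network.proxy.http -> "172.16.1.1" ->
network.proxy.http_port -> 3128 ->
network.proxy.ssl -> "172.16.1.1" ->
network.proxy.ssl_port -> 3128 ->
network.proxy.type -> 4 ->
< HOSTS File > (288570 bytes and 9988 lines) -> C:\Windows\System32\drivers\etc\hosts ->
127.0.0.1       localhost
::1             localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    www.100sexlinks.com
"""

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac-url",
                  4: "auto-detect (WPAD)", 5: "system"}

# Assumed watch list for the hosts check: AVG/Grisoft and magicJack names come
# from the log's Trusted Sites section; the ZoneAlarm names are an assumption.
VENDOR_DOMAINS = ("avg.com", "avg.cz", "grisoft.com", "grisoft.cz",
                  "zonealarm.com", "zonelabs.com", "magicjack.com")

IE_RE = re.compile(r'^HKEY_CURRENT_USER\\: "(Proxy\w+)" -> (.*?) ->\s*$')
FF_RE = re.compile(r'^(network\.proxy\.[\w.]+) -> (.*?) ->\s*$')
HOSTS_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(\S+)\s*$')


def parse_ots(text):
    """Pull IE proxy values, Firefox proxy prefs and hosts entries out of OTS output."""
    ie, ff, hosts = {}, {}, []
    for line in text.splitlines():
        line = line.rstrip()
        m = IE_RE.match(line)
        if m:
            ie[m.group(1)] = m.group(2).strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = HOSTS_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2)))
    return ie, ff, hosts


def triage(ie, ff, hosts, watched=VENDOR_DOMAINS):
    """Turn the parsed values into findings an analyst can act on."""
    findings = []
    if ie.get("ProxyEnable") == "1" and ie.get("ProxyServer"):
        host = ie["ProxyServer"].split(":")[0]
        try:
            private = ipaddress.ip_address(host).is_private
        except ValueError:          # a hostname rather than a literal address
            private = False
        findings.append({"component": "IE/WinINET", "proxy": ie["ProxyServer"],
                         "bypass": ie.get("ProxyOverride", ""),
                         "private_address": private})
    if ff:
        ftype = int(ff.get("network.proxy.type", "0"))
        findings.append({"component": "Firefox",
                         "proxy_type": FF_PROXY_TYPES.get(ftype, "unknown"),
                         "manual_http_proxy": "%s:%s" % (ff.get("network.proxy.http", ""),
                                                         ff.get("network.proxy.http_port", "")),
                         "manual_entries_active": ftype == 1})
    # A hosts entry for a vendor's update host is a classic way to block AV updates.
    for addr, name in hosts:
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append({"component": "hosts", "blocked": name, "points_to": addr})
    return findings


def analyze(text):
    return triage(*parse_ots(text))


if __name__ == "__main__":
    for finding in analyze(OTS_EXCERPT):
        print(finding)
```

Run as-is it reports the IE proxy at a private address with `<local>` bypass, Firefox in auto-detect mode with inactive manual entries pointing at the same proxy, and no hosts redirection among the embedded lines; feed `analyze()` a complete OTS log to check all 9988 hosts entries. A proxy on a private address is not by itself malicious (a router or a school network can legitimately run one), so the check reports it rather than judging it; the question the machine's owner has to answer is whether anything actually listens at 172.16.1.1:3128.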


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

WELL, I DID IT AGAIN. THIS POST IS OVER THE 30000 CHARACTER LIMIT BY 1700 CHARACTERS. THERE WILL BE A THIRD PORTION TO THIS REPLY............SORRY FOR ANY INCONVENIENCE...........SEASALT

Here is the second portion of my REPLY post to you - Please let me know that you received both parts OK
Thanks .... SeaSalt
==========================
127.0.0.1 www.136136.net
127.0.0.1 136136.net
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/12 01:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/22 16:37:08 | 00,308,856 | ---- | M] (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/31 13:27:43 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2007/07/08 12:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007/05/11 15:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"MSConfig" -> C:\Windows\System32\msconfig.exe ["C:\Windows\system32\msconfig.exe" /auto] -> [2006/11/02 04:45:25 | 00,222,208 | ---- | M] (Microsoft Corporation)
"NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2007/06/19 16:21:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"WAWifiMessage" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> [2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Launcher" -> C:\Windows\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> [2006/11/07 19:39:18 | 00,044,128 | ---- | M] (soft thinks)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"cdloader" -> C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe ["C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK] -> [2009/08/01 11:11:28 | 00,050,520 | ---- | M] (magicJack L.P.)
"ehTray.exe" -> C:\Windows\ehome\ehtray.exe [C:\Windows\ehome\ehTray.exe] -> [2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"LogonHoursAction" -> [2] -> File not found
\\"DontDisplayLogonHoursWarnings" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 09:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 09:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 06:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5195 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. -> 
akamai.net .
[*] -> Trusted sites -> 
akamai_avg.com 
[*] -> Trusted sites -> 
update_avg.com 
[*] -> Trusted sites -> 
akamai_avg.cz 
[*] -> Trusted sites -> 
backup_avg.cz 
[*] -> Trusted sites -> 
download_avg.cz 
[*] -> Trusted sites -> 
files2_avg.cz 
[*] -> Trusted sites -> 
akamai.avg.com_edgesuite.net 
[*] -> Trusted sites -> 
akamai.avg.cz_edgesuite.net 
[*] -> Trusted sites -> 
akamai.grisoft.com_edgesuite.net 
[*] -> Trusted sites -> 
akamai.grisoft.cz_edgesuite.net 
[*] -> Trusted sites -> 
akamai_grisoft.com 
[*] -> Trusted sites -> 
update_grisoft.com 
[*] -> Trusted sites -> 
akamai_grisoft.cz 
[*] -> Trusted sites -> 
backup_grisoft.cz 
[*] -> Trusted sites -> 
download_grisoft.cz 
[*] -> Trusted sites -> 
files2_grisoft.cz 
[*] -> Trusted sites -> 
my_magicjack.com [https] -> Trusted sites -> 
reg_talk4free.com [https] -> Trusted sites -> 
7 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 207.255.176.40 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0904E5AE-DF43-48FE-B1F4-D314C3E56707}\\DhcpNameServer -> 207.255.176.40 (NVIDIA nForce Networking Controller) -> 
{6CAAE3ED-3487-4EEC-A8D7-EF25C4E7C65B}\\DhcpNameServer -> 180.18.4.10 207.255.176.40 207.255.176.37 (Broadcom 802.11b/g WLAN) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/05/17 10:09:56 | 02,923,520 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 13:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/07/25 07:42:24 | 00,000,074 | ---- | M] ()
D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\AutoRun\command
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\AutoRun\command\\"" -> F:\autorun.exe [F:\autorun.exe] -> File not found
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\phone\command
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\phone\command\\"" -> F:\autorun.exe [F:\autorun.exe] -> File not found
\{31519f74-54f9-11dd-a0e8-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell
\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\AutoRun\command
\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
\{57ccf86e-816d-11de-93d9-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\AutoRun\command
\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\AutoRun\command\\"" -> H:\autorun.exe [H:\autorun.exe] -> File not found
\{57ccf86e-816d-11de-93d9-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\phone\command
\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\phone\command\\"" -> H:\autorun.exe [H:\autorun.exe] -> File not found
\{9bb74b1c-8458-11de-8309-0016d3afc911}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell
\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\AutoRun\command
\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
\{9dc58be7-9a66-11de-b84f-0016d3afc911}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\AutoRun\command
\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\AutoRun\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
\{9dc58be7-9a66-11de-b84f-0016d3afc911}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\phone\command
\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\phone\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
\{a09a3898-c6df-11de-a464-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell
\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\AutoRun\command
\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 22:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk -> C:\PROGRA~1\MEMTUR~1\MemTurbo.exe -> File not found
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2008/10/25 10:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation)
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TDK Launcher.lnk -> C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe -> [2003/07/24 13:36:28 | 00,241,664 | ---- | M] (TDK)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2008/06/12 05:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found
cdloader hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe -> [2009/08/01 11:11:28 | 00,050,520 | ---- | M] (magicJack L.P.)
HP Health Check Scheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> [2007/05/16 09:20:12 | 00,071,176 | ---- | M] (Hewlett-Packard)
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 23:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
OnScreenDisplay hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe -> [2007/06/12 21:14:22 | 00,554,552 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
QPService hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\QuickPlay\QPService.exe -> [2007/05/18 21:22:36 | 00,181,744 | ---- | M] (CyberLink Corp.)
RoxAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe -> [2003/12/01 16:51:10 | 00,090,112 | ---- | M] (Roxio)
RoxioAudioCentral hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe -> [2003/07/15 14:38:26 | 00,319,488 | ---- | M] (Roxio, Inc.)
RoxioDragToDisc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe -> [2003/12/01 16:46:22 | 00,868,352 | ---- | M] (Roxio)
RoxioEngineUtility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe -> [2003/05/01 20:44:50 | 00,065,536 | ---- | M] (Roxio)
Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Grooveshark\sharkbyte.exe -> File not found
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2008/03/22 16:36:49 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"services" -> 2 -> 
"startup" -> 2 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:13 | 00,524,800 | ---- | C] (OldTimer Tools)
avgremover.exe -> C:\Users\Boltons\Desktop\avgremover.exe -> [2009/10/31 14:11:16 | 00,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.)
deploytk.dll -> C:\Windows\System32\deploytk.dll -> [2009/10/31 13:28:04 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/31 13:28:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/31 13:28:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2009/10/31 13:28:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
C:\Program Files\Java -> C:\Program Files\Java -> [2009/10/31 13:27:31 | 00,000,000 | ---D | C]
jre-6u16-windows-i586.exe -> C:\Users\Boltons\Desktop\jre-6u16-windows-i586.exe -> [2009/10/31 13:12:02 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.)
MEBASch Diesel Course Photos22Oct09 -> C:\Users\Boltons\Desktop\MEBASch Diesel Course Photos22Oct09 -> [2009/10/25 11:51:16 | 00,000,000 | ---D | C]
MEBASch Diesel Lab Photos ONLY22Oct09 -> C:\Users\Boltons\Desktop\MEBASch Diesel Lab Photos ONLY22Oct09 -> [2009/10/25 11:50:53 | 00,000,000 | ---D | C]
ERDNT -> C:\Windows\ERDNT -> [2009/10/25 00:35:59 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009/10/23 21:13:28 | 00,000,000 | ---D | C]
C:\Users\Boltons\AppData\Roaming\Malwarebytes -> C:\Users\Boltons\AppData\Roaming\Malwarebytes -> [2009/10/18 19:05:30 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/10/18 19:05:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/10/18 19:05:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
C:\ProgramData\Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
C:\Program Files\Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
Sun -> C:\Windows\Sun -> [2009/10/17 17:55:47 | 00,000,000 | ---D | C]
My YouTube -> C:\Users\Boltons\Documents\My YouTube -> [2009/10/15 19:34:57 | 00,000,000 | ---D | C]
C:\Users\Boltons\AppData\Local\YouTubeAssistant -> C:\Users\Boltons\AppData\Local\YouTubeAssistant -> [2009/10/15 19:34:56 | 00,000,000 | ---D | C]
C:\Program Files\Eurekr.com -> C:\Program Files\Eurekr.com -> [2009/10/15 19:30:19 | 00,000,000 | ---D | C]
Ares Tube -> C:\Ares Tube -> [2009/10/15 18:47:29 | 00,000,000 | ---D | C]
wucltux.dll -> C:\Windows\System32\wucltux.dll -> [2009/10/06 00:18:40 | 02,421,760 | ---- | C] (Microsoft Corporation)
wuaueng.dll -> C:\Windows\System32\wuaueng.dll -> [2009/10/06 00:18:40 | 01,929,952 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> C:\Windows\System32\wuauclt.exe -> [2009/10/06 00:18:40 | 00,053,472 | ---- | C] (Microsoft Corporation)
wups2.dll -> C:\Windows\System32\wups2.dll -> [2009/10/06 00:18:40 | 00,044,768 | ---- | C] (Microsoft Corporation)
wuapi.dll -> C:\Windows\System32\wuapi.dll -> [2009/10/06 00:17:54 | 00,575,704 | ---- | C] (Microsoft Corporation)
wudriver.dll -> C:\Windows\System32\wudriver.dll -> [2009/10/06 00:17:54 | 00,087,552 | ---- | C] (Microsoft Corporation)
wups.dll -> C:\Windows\System32\wups.dll -> [2009/10/06 00:17:54 | 00,035,552 | ---- | C] (Microsoft Corporation)
wuwebv.dll -> C:\Windows\System32\wuwebv.dll -> [2009/10/06 00:17:44 | 00,171,608 | ---- | C] (Microsoft Corporation)
wuapp.exe -> C:\Windows\System32\wuapp.exe -> [2009/10/06 00:17:44 | 00,033,792 | ---- | C] (Microsoft Corporation)
1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> 
CONTINUED IN 3RD POST REPLY.............SEASALT


----------



## SeaSalt (Oct 12, 2009)

CookieGal,
Here is the THIRD portion of my post reply to you.
I'm really sorry I didn't divide the message into two parts. Poor guessing on my part.
==============================

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Boltons\NTUSER.DAT -> [2009/11/01 23:50:41 | 06,029,312 | -HS- | M] ()
OTS.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 23:31:21 | 00,003,072 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 23:31:21 | 00,003,072 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Boltons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/01 16:17:26 | 00,146,944 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/11/01 15:36:24 | 00,621,552 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/11/01 15:36:24 | 00,104,868 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/11/01 15:36:23 | 00,720,952 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/01 15:31:28 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/01 15:30:24 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/11/01 15:30:19 | 20,792,48384 | -HS- | M] ()
IconCache.db -> C:\Users\Boltons\AppData\Local\IconCache.db -> [2009/11/01 11:55:50 | 04,409,821 | -H-- | M] ()
nvModes.dat -> C:\Users\Boltons\AppData\Roaming\nvModes.dat -> [2009/10/31 14:31:09 | 00,054,503 | ---- | M] ()
nvModes.001 -> C:\Users\Boltons\AppData\Roaming\nvModes.001 -> [2009/10/31 14:31:08 | 00,054,503 | ---- | M] ()
deploytk.dll -> C:\Windows\System32\deploytk.dll -> [2009/10/31 13:27:43 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/31 13:27:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2009/10/31 13:27:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
jre-6u16-windows-i586.exe -> C:\Users\Boltons\Desktop\jre-6u16-windows-i586.exe -> [2009/10/31 13:12:18 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.)
Java Updating Steps 31Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Java Updating Steps 31Oct09 - Shortcut.lnk -> [2009/10/31 12:59:46 | 00,001,009 | ---- | M] ()
avgremover.exe -> C:\Users\Boltons\Desktop\avgremover.exe -> [2009/10/31 12:28:05 | 00,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.)
6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> [2009/10/28 20:19:23 | 00,000,923 | ---- | M] ()
zeztlu49.exe -> C:\Users\Boltons\Desktop\zeztlu49.exe -> [2009/10/27 16:16:18 | 00,291,328 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2009/10/25 01:28:58 | 00,000,248 | ---- | M] ()
_test1a_Book1_14October09.xls -> C:\Users\Boltons\Documents\_test1a_Book1_14October09.xls -> [2009/10/24 14:14:59 | 00,041,472 | ---- | M] ()
puppy.exe.exe -> C:\Users\Boltons\Desktop\puppy.exe.exe -> [2009/10/23 19:56:40 | 03,351,787 | R--- | M] ()
Combofix.exe -> C:\Users\Boltons\Desktop\Combofix.exe -> [2009/10/23 19:56:40 | 03,351,787 | ---- | M] ()
Sample Book from MarineDiesels UK.lnk -> C:\Users\Boltons\Desktop\Sample Book from MarineDiesels UK.lnk -> [2009/10/21 22:48:51 | 00,000,754 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/18 19:05:28 | 00,000,818 | ---- | M] ()
_test1_Book1OLD.xls -> C:\Users\Boltons\Documents\_test1_Book1OLD.xls -> [2009/10/14 19:35:39 | 00,023,552 | ---- | M] ()
magicJack.lnk -> C:\Users\Boltons\Desktop\magicJack.lnk -> [2009/10/10 08:02:30 | 00,000,903 | ---- | M] ()
HijackThis.lnk -> C:\Users\Boltons\Desktop\HijackThis.lnk -> [2009/10/09 12:16:07 | 00,001,877 | ---- | M] ()
MEBA Related - Shortcut.lnk -> C:\Users\Boltons\Desktop\MEBA Related - Shortcut.lnk -> [2009/10/09 12:16:07 | 00,000,721 | ---- | M] ()
Worthy Inventory VER2003 pipes & fittings Aug09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Worthy Inventory VER2003 pipes & fittings Aug09 - Shortcut.lnk -> [2009/10/09 12:16:06 | 00,002,250 | ---- | M] ()
_MOU Between Patriot Contract Services & MEBA dtd June 2007 19Dec08 - Shortcut.lnk -> C:\Users\Boltons\Desktop\_MOU Between Patriot Contract Services & MEBA dtd June 2007 19Dec08 - Shortcut.lnk -> [2009/10/09 12:16:05 | 00,001,287 | ---- | M] ()
54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp -> 
54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp -> 
54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp -> 
1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp ->

[Files - No Company Name]
Java Updating Steps 31Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Java Updating Steps 31Oct09 - Shortcut.lnk -> [2009/10/31 12:59:46 | 00,001,009 | ---- | C] ()
6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> [2009/10/28 20:19:23 | 00,000,923 | ---- | C] ()
zeztlu49.exe -> C:\Users\Boltons\Desktop\zeztlu49.exe -> [2009/10/27 16:16:17 | 00,291,328 | ---- | C] ()
puppy.exe.exe -> C:\Users\Boltons\Desktop\puppy.exe.exe -> [2009/10/23 21:03:21 | 03,351,787 | R--- | C] ()
Combofix.exe -> C:\Users\Boltons\Desktop\Combofix.exe -> [2009/10/23 21:03:21 | 03,351,787 | ---- | C] ()
Sample Book from MarineDiesels UK.lnk -> C:\Users\Boltons\Desktop\Sample Book from MarineDiesels UK.lnk -> [2009/10/21 22:48:51 | 00,000,754 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/18 19:05:28 | 00,000,818 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 17:07:42 | 00,403,816 | ---- | C] ()
ACROREAD.INI -> C:\Windows\ACROREAD.INI -> [2008/09/28 03:18:00 | 00,000,153 | ---- | C] ()
MSVCRT10.DLL -> C:\Windows\System32\MSVCRT10.DLL -> [2008/09/28 03:16:18 | 00,210,944 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2007/02/27 15:43:02 | 00,000,000 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/12/14 01:01:36 | 00,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/12/14 01:01:36 | 00,204,800 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 07:35:32 | 00,005,632 | ---- | C] ()
igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 05:25:21 | 00,061,440 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 05:23:31 | 00,000,248 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 05:23:31 | 00,000,219 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 00,013,750 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2005/05/06 16:06:00 | 00,016,480 | ---- | C] ()

[HardLinks - Junction Points - Mount Points - Symbolic Links]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
< End of report >
[/code]
===============
END OF ORIGINAL POST.............SEASALT


----------



## Cookiegal (Aug 27, 2003)

I don't know why you posted an old OTS log and there was no OTS Zone Alarm removal tool. The cpes_clean was the Zone Alarm removal tool, not the AVG one.

In any event, we really are getting nowhere. I think the best thing to do to get things in order at this point would be to back up all important data, music, photos etc. to an external drive and then wipe the drive and reload the operating system to start fresh.


----------



## SeaSalt (Oct 12, 2009)

CookieGal,

Thank you for all you've done towards helping me with my laptop difficulties.

I will consider this our last communication / post.

I will look into your suggestions.

Again, happy 2010 and goodbye.

Respectfully,.................SeaSalt


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

