# Adobe unexpected things...



## mmddevansville (May 30, 2011)

I am having a horrible time figuring out what to do about Adobe Reader 7, at least now I know which version I have!!! Secunia says as per its scan that my version is old or some terminology I don't know what it means but it sounds bad...then I found on Acrobat website that 2011 is the bad version since it does something to the e-mail and not to open it. I just got my HP g42 this spring, it's not even six months old and I am thinking of calling the people or that is store and ask them to replace it with a usable program...has anyone else encountered this problem??? I have to take it on vacation to do my unemployment thing or I won't have income next week so I am very worried. Please answer someone...thanks


----------



## Cookiegal (Aug 27, 2003)

> then I found on Acrobat website that 2011 is the bad version since it does something to the e-mail and not to open it.


Would you please elaborate on this comment? Do you have a link?

The current version is 10.0.1 which is referred to as "X" and all you have to do is uninstall the old version, reboot the computer and then install the latest one from the following link:

http://get.adobe.com/reader/


----------



## flavallee (May 12, 2002)

Here is the support and software site for the *HP G42-415DX* notebook.

According to its product specifications section, it came with Windows 7 Home Premium (64-bit) pre-installed.

There's no way that a 3-month-old notebook is going to come with such an outdated version of *Adobe Reader* pre-installed. Are you sure you know what program you're talking about?

Go to Control Panel - Programs And Features. What's listed there that begins with *Adobe - - -* ?



----------



## mmddevansville (May 30, 2011)

I am replying to my thread on Adobe...I am stupid on this and need to figure out what to do...there were no updates...Secunia said my program is old expiring and I have had freezes...please help...mmddlove


----------



## mmddevansville (May 30, 2011)

I am not sure I am getting back to the person who wrote about the Adobe problem I have so I am writing from Windows 7...Secunia scan says the Adobe I have is not current...I am pretty sure Secunia is ok so I will be back in later today to check and see if I get any more replies...Thank you to anyone who knows what to do...I sure don't...mmddlove


----------



## Drabdr (Nov 26, 2007)

NOTE: This thread is a compilation of three threads. The original thread which was asking the question, and two threads started as responses to questions posed by other helpers in this thread.


----------



## flavallee (May 12, 2002)

mmddevansville:

You haven't replied back yet to my comments and questions in post #3.



----------



## Cookiegal (Aug 27, 2003)

I believe you referred to Adobe 2011 which is malware and not the valid Adobe.

Please post your Secunia report.

Also, please do this:

Please go *here* to download *HijackThis*.

To the right of the green arrow under *HijackThis downloads* click on the *Executable* button and download the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

And lastly, do this please:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## mmddevansville (May 30, 2011)

I am new but trying hard to learn the system...I had a white screen which went away a few minutes ago..I am almost in a panic, I have only had this laptop since mid-March and have taken good care of it, now the Adobe AIR thing is driving me crazy...Have you ever heard of Secunia PSI? Surely it's not lying..I have a 92 rating but the Adobe is causing the freezes I am sure of it...My old computer got a virus and I donated it and I just have to fix this one!! with everyone's help that is...


----------



## mmddevansville (May 30, 2011)

Is that what I need to do, I checked it's Adobe AIR and all that goes with that...I am afraid to add or remove it since won't the comp quit without an Adobe on it??? Not questioning you, just stupid on this....


----------



## mmddevansville (May 30, 2011)

I am going to the Secunia right away to find the report download or whatever...I am at risk, that is what you mean, right...please write back this is really a new one for me...


----------



## DoubleHelix (Dec 10, 2004)

Adobe Air and Adobe Reader are two different applications. Having an older version of either would not cause your computer to lock up or cause any type of screen problem.


----------



## mmddevansville (May 30, 2011)

I tried over and over to cut and paste from Secunia but I can select with mouse and no select all option comes up...I am at a dead end now...


----------



## mmddevansville (May 30, 2011)

I didn't think so either or at least was entertaining that option, however I am trying to cut and paste the Secunia report as one suggested, yet it won't do anything but let me highlight with the mouse...looks like I have my work cut out for me today...thanks for trying to help...


----------



## mmddevansville (May 30, 2011)

I just got it sorry it took so long....Acrobat.com, Adobe AIR, Flash Player 10 Active X Adobe flash player 10 plugin, Adobe reader 9.4.4MUI, Adobe Shockwave Player 11.5....Thanks for helping!!


----------



## mmddevansville (May 30, 2011)

I won't do the hijack thing unless all of you think I need to for sure, since I am scared to take Adobe off without having a new one to install...I think the comp won't work unless I have it..I am a dummy on this for sure you guys..


----------



## DoubleHelix (Dec 10, 2004)

Just type here the line item in Secunia that says some Adobe software needs to be updated.


----------



## mmddevansville (May 30, 2011)

I just uninstalled adobe air and will go back to the post to see what to do next..thank you so much!


----------



## mmddevansville (May 30, 2011)

OK I am going to the thing to find what to do with Adobe...I just got rid of the first one I had....


----------



## mmddevansville (May 30, 2011)

Here is what Secunia says...Shockwave 10x end of life Shockwave 11x ActiveX Insecure...NPAPI Insecure...Microsoft XML Core Insecure..this scares me too and hadn't noticed that one yet...the rest are patched and I just got it in March...strange


----------



## mmddevansville (May 30, 2011)

I just posted what you asked for in case you are still on line and looking for it..Guess this thing works with no Air to it since I am still here...thank goodness!!!!!!!!


----------



## mmddevansville (May 30, 2011)

For cookie gal....this is the comment I found on the version page of Adobe products which match my program, or the one I just deleted.. I am trying to get Secunia info for you guys and will contact them if I have to .....I am sure glad I found friends who know more than I do..I am not totally ignorant on my PC but guess we all have to have help sometimes and my husband is not computer literate so I am on my own....


----------



## mmddevansville (May 30, 2011)

I am now getting a message which I had gotten twice before that the internet is not working from IE and jeeeeezzzz I just am trying to put out two fires now..


----------



## DoubleHelix (Dec 10, 2004)

Adobe Air is a framework component that is required by some applications. If you have an application installed that needs it, you'll have to reinstall it. I'm not sure why you jumped to remove it. Secunia is just pointing out _potential_ security concerns and indicating components that might need updates. It's not telling you to uninstall anything.

You can download the latest version of Adobe Shockwave here. 
http://get.adobe.com/shockwave/


----------



## Cookiegal (Aug 27, 2003)

First of all, please take a deep breath, calm down and stop posting every two minutes. Don't go uninstalling things either.

For now, just please answer the questions we ask and also:

1) Post the HijackThis log I asked you for.

2) Post the HijackThis uninstall list (the complete list). You only posted a few of the entries on the list.


----------



## DoubleHelix (Dec 10, 2004)

You may be creating problems for yourself by trying to solve problems, if that makes sense. Why did you run Secunia in the first place? Have you downloaded and installed any other scanning, cleaning, or security software? Many people literally clean their computers to death, wasting time trying to "optimize" their systems by running utilities that claim to speed up systems or remove so many applications that some programs, or even the entire system, fail to run entirely.


----------



## mmddevansville (May 30, 2011)

I just did the trend thing, and minimised it and now cannot figure out what to tell you guys about it....jeepers...


----------



## mmddevansville (May 30, 2011)

OK I am sorry I get kind of hyper about this kind of thing..I didn't mean to disobey the rules.


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> I just did the trend thing, and minimised it and now cannot figure out what to tell you guys about it....jeepers...


Why did you minimize it? Maximize it again and copy and paste it here.


----------



## mmddevansville (May 30, 2011)

This is it, but I never got to misc tools or open uninstall mgr, or save list, it showed this and never took me to those I just mentioned....hope I am doing this correctly.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:03 AM, on 6/1/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C33SHA57\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12453 bytes
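
Added example (not part of the original thread and not HijackThis's own code): a small triage pass over a few lines copied from the log in the post above, separating `(no file)` registry leftovers from `(file missing)` entries. It rests on one assumption of this example: HijackThis v2.0.4 is a 32-bit program, so on 64-bit Windows its reads of `C:\Windows\System32` are redirected and files that exist there are commonly reported as missing. The function names and status labels are hypothetical.

```python
import re
from collections import Counter

# A subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"""

# Section descriptions as worded in HijackThis's own legend.
SECTION_LABELS = {
    "R3": "Created extra registry value where only one should be",
    "O2": "Enumeration of existing MSIE BHO's",
    "O4": "Enumeration of suspicious autoloading Registry entries",
    "O23": "Enumeration of NT Services",
}

# A log entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Paths the 32-bit scanner cannot see reliably on 64-bit Windows (assumption).
SYSTEM32_RE = re.compile(r"[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return the section entries, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append({"code": match.group(1), "detail": match.group(2)})
    return entries


def is_64bit_host(log_text):
    """A 'Program Files (x86)' path only exists on 64-bit Windows."""
    return "\\Program Files (x86)\\" in log_text


def triage(entry, host_is_64bit):
    """Classify one entry by its trailing HijackThis marker."""
    detail = entry["detail"]
    target = detail.rsplit(" - ", 1)[-1]  # last field holds the file path
    if detail.endswith("(no file)"):
        # Registry value points at nothing: leftover of a removed add-on.
        return "orphaned-registry-entry"
    if detail.endswith("(file missing)"):
        if host_is_64bit and SYSTEM32_RE.search(target):
            # Heuristic of this example: redirection artifact, not a real gap.
            return "likely-wow64-artifact"
        return "missing-verify-on-disk"
    return "present"


def summarize(log_text):
    """Return (rows, counts): rows are (code, label, status, detail)."""
    host64 = is_64bit_host(log_text)
    rows = []
    for entry in parse_entries(log_text):
        label = SECTION_LABELS.get(entry["code"], "unlabelled section")
        rows.append((entry["code"], label, triage(entry, host64), entry["detail"]))
    return rows, Counter(status for _, _, status, _ in rows)


if __name__ == "__main__":
    rows, counts = summarize(SAMPLE_LOG)
    for code, label, status, detail in rows:
        if status != "present":
            print(f"{code:<4}{status:<26}{detail}")
    print(dict(counts))
```

Entries classed as `missing-verify-on-disk` are the ones worth checking by hand, which matches the helpers' instruction not to fix anything in HijackThis without being told to.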


----------



## mmddevansville (May 30, 2011)

I found it when I changed from Explorer 7 to 9 last week which maybe caused all of this problem, not sure but now I have to find another Adobe Air and just find out why I get the message that the internet is going off, when I have it hooked up and it's showing up on the bottom taskbar....and figure out why I get white screens occasionally and freezes when I least expect them. I am running all Kaspersky scans every day religiously and I am sure it's a good program....Thank you


----------



## Cookiegal (Aug 27, 2003)

There are a few minor things that need to be addressed there but first please post the uninstall list. I'll post the instructions again.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.

If you're not on the main menu, you may be on the screen from when the scan ran. Then click on Config on the right side under "Other Stuff" and then click on Misc Tools and the rest of the instructions are the same.


----------



## mmddevansville (May 30, 2011)

R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components
Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention
* Version history *
[v2.0.4]
* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%****browser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95. 
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think). 
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function. 
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving. 
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list. 
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions. 
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]

I could not get the info I sent from it the first time to show up, I never have been able to find notepad on this computer but it's already on the forum so maybe we are ok...I am not sure but don't think this is the same thing I sent the first time and it's not where you wanted. I am really sorry...I have to sometime today find another Adobe Air since I took it off like I was supposed to and am scared to go overnight without it...I always heard adobe acrobat programs were a pain but never knew til now how big a pain....

* Supports BHO's, some default URL changes
[v1.0]
* Original release
A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.


----------



## Cookiegal (Aug 27, 2003)

The log will open up in Notepad automatically.

What you posted is not correct.

Please follow the instructions carefully and step by step.


----------



## mmddevansville (May 30, 2011)

DEAR COOKIE GAL.....won't install another Acrobat AIR until you and the others say so....the reply would not work so I had to do it this way...I sure hope this gives you what you need. I am working hard on this.....This is the second I did so I could paste thank you mmddevansville.....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:33 AM, on 6/1/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C33SHA57\HijackThis (1).exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJ9NPDPV\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMIWV54A\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12708 bytes


----------
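An added example, not part of the thread and not HijackThis's own code: a small Python triage of a log like the one posted above. It sorts entries marked `(no file)` or `(file missing)` into likely orphaned registry entries and likely false alarms, on the assumption that 32-bit HijackThis on 64-bit Windows cannot see files under System32 because of WOW64 file system redirection; the sample lines are copied from the log above, and all function names are this example's own.

```python
import re

# A selection of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJ9NPDPV\HijackThis.exe
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"""

# Section code (R0, R3, F2, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: Windows is installed in <drive>:\Windows.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
CACHE_RE = re.compile(r"\\Temporary Internet Files\\", re.IGNORECASE)
MISSING = "(file missing)"


def parse_log(text):
    """Return (running processes, [(section code, entry body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def looks_64bit(text):
    """Heuristic: these paths only exist on 64-bit Windows."""
    return "Program Files (x86)" in text or "SysWOW64" in text


def classify(body, is_64bit):
    """Label one entry body as 'orphan', 'redirection-artifact' or 'present'."""
    if body.endswith("(no file)"):
        return "orphan"
    if body.endswith(MISSING):
        # The file path is the last " - " separated field, minus the marker.
        path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
        if is_64bit and SYSTEM32_RE.match(path):
            # A 32-bit scanner is redirected to SysWOW64, so the real
            # System32 file may exist even though it is reported missing.
            return "redirection-artifact"
        return "orphan"
    return "present"


def triage(text):
    """Group a log's entries by classification and list cache-run processes."""
    processes, entries = parse_log(text)
    is_64bit = looks_64bit(text)
    report = {"orphan": [], "redirection-artifact": [], "present": []}
    for code, body in entries:
        report[classify(body, is_64bit)].append((code, body))
    # Executables started from the browser cache deserve a second look.
    report["cache-process"] = [p for p in processes if CACHE_RE.search(p)]
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label in ("orphan", "redirection-artifact"):
        for code, body in result[label]:
            print(f"{label:22} {code:4} {body}")
    for proc in result["cache-process"]:
        print(f"{'cache-process':22}      {proc}")
```

An `orphan` here is a leftover registry entry whose file is gone, which makes it a cleanup candidate rather than proof of infection.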



## Cookiegal (Aug 27, 2003)

Cookiegal said:


> There are a few minor things that need to be addressed there but first please post the uninstall list. I'll post the instructions again.
> 
> Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.
> 
> If you're not on the main menu, you may be on the screen from when the scan ran; then click on Config on the right side under "Other Stuff" and then click on Misc Tools and the rest of the instructions are the same.


This is what I want you to do.


----------



## mmddevansville (May 30, 2011)

If the above isn't right, I am going straight to the trend copying down what you said to do and sending it...sorry I messed up on it..Be back with information as soon as I can get it and will not hurry...thank you so much....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:16 AM, on 6/1/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3SCKKIDT\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12402 bytes

This is straight from my Notepad and I am going back and doing what you instructed in the post you just sent...thanks for hanging in there with me...


----------



## mmddevansville (May 30, 2011)

I FOUND TOOLS UNDER A DIFFERENT HEADING OF CLEAN-UP TOOLS WHICH MAY OR MAY NOT BE RIGHT...I FIND NOTHING WITH UNINSTALL MANAGER OR MISCELLANEOUS TOOLS, BUT I HAVE THE RESULTS... This wants me to install the trend product which you didn't say to do so I am totally still going on your advice....thanks mmddev....


----------



## mmddevansville (May 30, 2011)

COOKIEGAL I FOUND IT FINALLY...HARD TO BELIEVE I WORKED AS A TEACHER FOR LOTS OF YEARS..YOU ARE THE TEACHER HERE!!!!!!!!!!YIPPEE!!

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
CinemaNow Media Manager
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink MediaShow
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink YouCam
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Energy Star Digital Logo
ESU for Microsoft Windows 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
InstallIQ Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kaspersky Anti-Virus 2011
Kaspersky Anti-Virus 2011
LabelPrint
LabelPrint
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
Multiply AutoUploader
Multiply AutoUploader
NetAssistant
PhotoNow!
PhotoNow!
Power2Go
Power2Go
PowerDirector
PowerDirector
QuickTime
Radio365 2.1
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Safari
Secunia CSI (4.1.0.2007)
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Outlook Social Connector (KB2441641)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger

Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer


----------



## Cookiegal (Aug 27, 2003)

You are looking on the Trend Micro web site. I don't want you to download another program. The instructions I gave you are using the HijackThis program that you already downloaded. It's the same program that you used to produce the other log that you posted.


----------



## Cookiegal (Aug 27, 2003)

Yay! That's it. 

I already knew you had this version of Adobe Reader: Adobe Reader 9.4.4 MUI

But we'll come back to that later as we need to deal with the malware first.

Please download Malwarebytes' Anti-Malware from *Here*.

- Double Click *mbam-setup.exe* to install the application.
- Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click *OK*, then *Show Results* to view the results.
- Make sure that *everything is checked*, and click *Remove Selected*.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## mmddevansville (May 30, 2011)

I am so sorry but I am just a bit confused. Do I go back to the Trend site or to a new one of Adobe or something...I must have done something wrong again? I went to Trend Hijacker and did Misc Tools, Uninstall Mgr., then to Save List and clicked them all...I now go back to Trend??? Thank you so much...


----------



## Cookiegal (Aug 27, 2003)

Please disregard post no. 40 as I hadn't seen your post yet so I didn't know that you were successful. You did it correctly.

Now I have posted further instructions for you in post no. 41 so please just do that.


----------



## mmddevansville (May 30, 2011)

Cookie girl!!!! Was I infected by a virus???? Is this why all that showed up about Adobe with Secunia?? It shut down my computer so it took a bit. I am wondering if there is a way to keep all this from happening again..I was so worried for about a week now. Thank you so much for being so patient...I don't take instruction too well do I??? Thanks again...mmddevansville More people should know about Tech Guy and so many headaches could be avoided!!!

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


----------



## mmddevansville (May 30, 2011)

Maybe I better go back and check to see if it all got off of there, but I double checked to be sure all of it got deleted...Be back....I just checked and all of it's off but the listed is only singularly highlighted so I can't paste the name of any of those bad boys on there.


----------



## Cookiegal (Aug 27, 2003)

There's nothing serious there and you did it correctly. 

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## mmddevansville (May 30, 2011)

I got the same one that we did a while back....malware...hope it's right...thanks, you are tops


----------



## mmddevansville (May 30, 2011)

I tried what you said and all it gave me was the prior malware help, is this what you wanted? I tried all three until I found what looked like what you described....think I will go back to the post now that I had a bit to eat and check out them all again to see if I can find a text to save....thanks


----------



## mmddevansville (May 30, 2011)

The Windows updater won't let me download the program....I will keep trying...


----------



## Cookiegal (Aug 27, 2003)

Use the second link as the first one doesn't seem to be working at the moment.


----------



## mmddevansville (May 30, 2011)

OK I just turned off the SmartScreen Filter and am hoping to get it back on once I get this done...


----------



## mmddevansville (May 30, 2011)

I have the files now but honestly I do not know how to put a zip file on the desktop??


----------



## mmddevansville (May 30, 2011)

They are both saved to desk now but I am worried since I am getting messages from screen saying internet is shut off again. It does seem to affect the opening of pages but my lights on modem are on so I am still in business. I just know all of this will be all right. Thanks


----------



## Cookiegal (Aug 27, 2003)

There is no need to zip a file. Now that you have both of those files on the desktop, just double-click on them to open them in Notepad and once they're open you can copy all of the text and then paste that into a reply. You can do two replies if you need to, one for each log.


----------



## mmddevansville (May 30, 2011)

.
DDS (Ver_2011-06-01.06) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Owner at 13:46:51 on 2011-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1508 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [<NO NAME>] 
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MULTIP~1.LNK - C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0971C9A0-5EF9-4006-B583-0534F8AF2AF6} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8A77247A-8A94-42E9-8DD7-4FB12D1D9AE6} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8A77247A-8A94-42E9-8DD7-4FB12D1D9AE6}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: NetAssistantBHO Class: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
BHO-X64: NetAssistantBHO - No File
TB-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-1 366640]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-25 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
.
=============== Created Last 30 ================
.
2011-06-01 17:13:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-06-01 17:13:26 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-01 17:13:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-01 17:13:23 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-01 17:13:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-31 16:55:04 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FEE08E9-1A4B-451E-8391-3F923938668F}\mpengine.dll
2011-05-30 02:48:21 -------- d-----w- C:\Users\Owner\AppData\Roaming\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2011-05-30 02:48:02 -------- d-----w- C:\Program Files (x86)\Multiply
2011-05-27 01:05:59 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-05-27 00:51:25 -------- d-----w- C:\Users\Owner\AppData\Local\WindowsUpdate
2011-05-27 00:49:19 -------- d-----w- C:\Users\Owner\AppData\Local\Secunia CSI
2011-05-27 00:48:00 -------- d-----w- C:\Users\Owner\AppData\Local\Secunia PSI
2011-05-27 00:41:40 -------- d-----w- C:\Program Files (x86)\Secunia
2011-05-26 23:06:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\Windows Live Writer
2011-05-26 23:06:13 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live Writer
2011-05-25 16:54:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:19:12 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-23 19:20:09 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2011-05-23 19:19:28 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-23 19:19:28 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-05-23 19:19:28 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-05-23 19:18:35 -------- d-----w- C:\Program Files\iPod
2011-05-23 19:18:34 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-23 19:18:34 -------- d-----w- C:\Program Files\iTunes
2011-05-23 19:18:34 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-23 19:15:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-23 19:14:45 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
2011-05-23 19:13:57 -------- d-----w- C:\Program Files\Bonjour
2011-05-23 19:13:57 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-23 15:16:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-23 15:16:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-18 12:51:45 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-05-18 12:51:44 -------- d-----w- C:\Program Files (x86)\W3i
2011-05-12 00:06:53 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-12 00:06:51 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-12 00:06:51 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-12 00:06:48 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-12 00:06:48 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-12 00:06:48 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-12 00:06:47 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-12 00:06:47 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 16:16:10 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
.
==================== Find3M ====================
.
2011-06-01 17:42:35 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-04-06 21:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 21:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 21:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 21:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 21:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-21 18:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-03-21 18:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-03-21 18:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-03-20 21:13:14 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2011-03-20 20:57:30 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-03-20 20:57:30 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-03-20 20:57:29 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2011-03-20 20:57:27 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-03-20 20:57:26 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-03-20 20:57:26 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2011-03-20 20:57:24 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-03-20 20:57:23 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-03-20 20:57:19 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-03-20 20:57:18 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2011-03-20 20:57:16 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll_old0
2011-03-07 05:33:10 1230336 ----a-w- C:\Windows\SysWow64\urlmon.dll_old0
2011-03-05 21:25:45 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-05 21:25:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
.
============= FINISH: 13:47:58.47 ===============


----------



## mmddevansville (May 30, 2011)

Here is the other page, my computer stopped again so sorry it took a bit of time to get it to you,,,,,Thank you cookie....

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-01.06)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2011 11:09:03 AM
System Uptime: 6/1/2011 12:47:23 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1444
Processor: AMD Athlon(tm) II P340 Dual-Core Processor | Socket S1G4 | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 233.725 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.446 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP65: 5/11/2011 1:41:12 PM - Windows Update
RP66: 5/11/2011 6:56:47 PM - Restore Operation
RP67: 5/11/2011 7:06:55 PM - Windows Update
RP68: 5/16/2011 11:31:50 AM - Windows Update
RP69: 5/17/2011 7:40:24 PM - Installed InstallIQ Updater
RP70: 5/18/2011 7:50:56 AM - Installed InstallIQ Updater
RP71: 5/20/2011 9:53:09 AM - Windows Update
RP72: 5/23/2011 10:05:25 AM - Windows Update
RP73: 5/23/2011 10:16:31 AM - Windows Update
RP74: 5/23/2011 2:15:35 PM - Installed iTunes
RP75: 5/25/2011 7:39:59 AM - Windows Update
RP76: 5/26/2011 10:07:16 AM - Installed Microsoft Fix it 50195
RP77: 5/26/2011 7:55:39 PM - Windows Update
RP78: 5/26/2011 9:39:21 PM - Windows Update
RP79: 5/30/2011 8:16:19 AM - Windows Update
RP80: 6/1/2011 12:42:26 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CinemaNow Media Manager
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Driver Whiz
Energy Star Digital Logo
ESU for Microsoft Windows 7
Freeze.com NetAssistant
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kaspersky Anti-Virus 2011
LabelPrint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
Multiply AutoUploader
NetAssistant
PhotoNow!
Power2Go
PowerDirector
QuickTime
Radio365 2.1
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Safari
Secunia CSI (4.1.0.2007)
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/1/2011 12:21:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
5/31/2011 9:47:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Owner-HP\Owner SID (S-1-5-21-117643980-48443553-1900770038-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2011 9:47:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Owner-HP\Owner SID (S-1-5-21-117643980-48443553-1900770038-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2011 6:04:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/25/2011 2:23:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user Owner-HP\Owner SID (S-1-5-21-117643980-48443553-1900770038-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## mmddevansville (May 30, 2011)

I am going to read and do what you tell me, Did I have a computer virus? I am still worried about the adobe, I guess it did all that to my computer ???


----------



## Cookiegal (Aug 27, 2003)

I still don't really understand what you think happened with Adobe. You said something about version 7 when you're running version 9.4.4.

We've only found minor malware so far but ComboFix will dig deeper.

I wish you could post the Secunia report. Are you not able to copy and paste it?

It may be just detecting a left-over file from an older version of Adobe that's still on the system. Adobe is NOT malware but there is malware that tries to get you to think it's the real Adobe.


----------



## mmddevansville (May 30, 2011)

I thought I put in explorer 9 in place of 7 last week..that's where I should have clarified...secunia which I believe is ok, not sure now, says that the adobe is expired I wish I could send it to you but I can't paste it...what a bummer.....then you would clearly see more than I what was going on...


----------



## mmddevansville (May 30, 2011)

2nd time writing replied to self 1st time...comp is going down slowly again just got msg on screen and am hurrying...


----------



## flavallee (May 12, 2002)

Cookiegal:

I just read this entire thread since I last replied in post #7. Considering how it's been going, I'm going to stay out of it and let you handle it. 

It's too bad we didn't get a quick reply to post #3 and had to wait so long to find out the confusion was between Internet Explorer and Adobe Reader. 

------------------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

It's alright flavallee. We're on the right track now and we'll get there.


----------



## mmddevansville (May 30, 2011)

Here is all of the stuff about my computer too, Cookie Now I know I am paying better att to details!!

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II P340 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 2810 Mb
Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250 , 256 Mb
Hard Drives: C: Total - 287355 MB, Free - 238798 MB; D: Total - 17584 MB, Free - 2504 MB; 
Motherboard: Hewlett-Packard, 1444, 69.26, P X210 01 1Z ZU EQI
Antivirus: Kaspersky Anti-Virus, Updated and Enabled

Here it is I don't understand all of it but I just know you will....I changed all my settings on Kaspersky that they did when they installed it at best buy to the highest scan levels until someone tells me different they are staying there.....diane

Date: Today (44) 
6/2/2011 7:16:58 AM Kaspersky Anti-Virus IM Anti-Virus Task started IM Anti-Virus 
6/2/2011 7:16:58 AM Kaspersky Anti-Virus File Anti-Virus Task started File Anti-Virus 
6/2/2011 7:16:58 AM Kaspersky Anti-Virus Mail Anti-Virus Task started Mail Anti-Virus 
6/2/2011 7:16:58 AM Kaspersky Anti-Virus Proactive Defense Task started Proactive Defense 
6/2/2011 7:16:58 AM Kaspersky Anti-Virus Web Anti-Virus Task started Web Anti-Virus 
6/2/2011 7:17:28 AM Kaspersky Anti-Virus Protection Center Your computer is protected 
6/2/2011 7:17:41 AM Kaspersky Anti-Virus Custom Scan Task started Full Scan 
6/2/2011 7:29:48 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:30:30 AM Host Process for Windows Services File Anti-Virus Processing error C:\$EXTEND\$ObjId:$O:$INDEX_ALLOCATION Read error 
6/2/2011 7:31:30 AM Kaspersky Anti-Virus Custom Scan Task started Vulnerability Scan 
6/2/2011 7:40:33 AM Microsoft Windows Search Indexer File Anti-Virus Processing error C:\$EXTEND\$Reparse:$R:$INDEX_ALLOCATION Read error 
6/2/2011 7:43:28 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr KSN service 
6/2/2011 7:43:28 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:43:46 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr KSN service 
6/2/2011 7:43:46 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:43:57 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr KSN service 
6/2/2011 7:43:57 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:44:03 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr KSN service 
6/2/2011 7:44:03 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:44:11 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr KSN service 
6/2/2011 7:44:11 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:44:14 AM Kaspersky Anti-Virus Protection Center Untreated: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr Skipped by user 
6/2/2011 7:44:20 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\s-1-5-21-117643980-48443553-1900770038-1000\$rx6a60q.scr KSN service 
6/2/2011 7:44:20 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:45:01 AM Host Process for Windows Services Self-Defense Denied C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe 
6/2/2011 7:45:07 AM Windows Problem Reporting Self-Defense Denied C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe 
6/2/2011 7:46:49 AM Unknown Protection Center >>>To delete the file C:\Users\Owner\Local Settings\History\History.IE5\index.dat reboot is required 
6/2/2011 7:46:49 AM Unknown Protection Center >>>To delete the file C:\Users\Owner\Local Settings\Microsoft\Windows\History\History.IE5\index.dat reboot is required 
6/2/2011 7:46:49 AM Unknown Protection Center >>>To delete the file C:\Users\Owner\Local Settings\History\History.IE5\index.dat reboot is required 
6/2/2011 7:46:49 AM Unknown Protection Center >>>To delete the file C:\Users\Owner\Local Settings\Microsoft\Windows\History\History.IE5\index.dat reboot is required 
6/2/2011 7:46:49 AM Unknown Protection Center >>>To delete the file C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\index.dat reboot is required 
6/2/2011 7:46:49 AM Unknown Protection Center >>>To delete the file C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\index.dat reboot is required 
6/2/2011 7:51:06 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:54:48 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMIWV54A\dds.scr KSN service 
6/2/2011 7:54:48 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 7:55:03 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMIWV54A\dds.scr KSN service 
6/2/2011 7:55:03 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 8:00:36 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 8:01:09 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Owner\Downloads\dds.scr KSN service 
6/2/2011 8:01:09 AM Kaspersky Anti-Virus Protection Center Threats have been detected 
6/2/2011 8:12:41 AM Internet Explorer Web Anti-Virus Packed: Swf2Swc http://www.myinsight.com/offers/100dayshdgiveaway/images/memory_game1c.swf 
6/2/2011 8:12:56 AM Internet Explorer File Anti-Virus Packed: Swf2Swc C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\Low\Content.IE5\KG837H9E\memory_game1c[1].swf 
6/2/2011 8:14:38 AM Kaspersky Anti-Virus Custom Scan Task completed Vulnerability Scan 
6/2/2011 8:17:16 AM Internet Explorer File Anti-Virus Packed: Swf2Swc C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\Low\Content.IE5\KG837H9E\memory_game1c[1].swf


----------



## Cookiegal (Aug 27, 2003)

Please do not start a new thread to reply. You need to keep replying here. I've merged the new thread you started back here in your thread.

The threats detected are the DDS program we ran and it's a false positive so nothing to worry about.

You should empty your Recycle Bin.

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.
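
The repeated alerts in a pasted anti-virus report can be collapsed to the few files behind them, which makes it easy to see whether they point at a scanner that was run on request, such as DDS. This is an added example, not part of the original post: the report lines are constructed in the layout of the Kaspersky log above, and `KNOWN_TOOLS`, `parse_events` and `summarize` are names assumed here.

```python
import re
from datetime import datetime

# Constructed sample lines in the layout of the Kaspersky report pasted in the
# thread (timestamp, application, component, event). Paths and URL are made up.
SAMPLE = r"""
6/2/2011 7:43:28 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\S-1-5-21-0-0-0-1000\$rexample.scr KSN service
6/2/2011 7:43:28 AM Kaspersky Anti-Virus Protection Center Threats have been detected
6/2/2011 7:43:46 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\S-1-5-21-0-0-0-1000\$rexample.scr KSN service
6/2/2011 7:44:14 AM Kaspersky Anti-Virus Protection Center Untreated: UDS:DangerousObject.Multi.Generic C:\$recycle.bin\S-1-5-21-0-0-0-1000\$rexample.scr Skipped by user
6/2/2011 7:54:48 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Owner\Temporary Internet Files\dds.scr KSN service
6/2/2011 8:01:09 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Owner\Downloads\dds.scr KSN service
6/2/2011 8:12:41 AM Internet Explorer Web Anti-Virus Packed: Swf2Swc http://example.test/offers/game.swf
"""

# Assumption: file names of diagnostic tools the helper asked the user to run.
KNOWN_TOOLS = {"dds.scr"}

# The report columns are flattened to single spaces, so the event is located by
# its keyword; the object path may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) .*?"
    r"(?P<kind>Detected|Untreated|Packed): (?P<verdict>\S+) "
    r"(?P<obj>.+?)(?: (?P<note>KSN service|Skipped by user))?\s*$"
)


def parse_events(text):
    """Return one dict per detection line; status-only lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. "Threats have been detected", task start/stop
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def summarize(events, known_tools=KNOWN_TOOLS):
    """Group events by file name so repeated alerts collapse to one entry."""
    summary = {}
    for ev in events:
        # Works for both Windows paths and URLs.
        name = re.split(r"[\\/]", ev["obj"])[-1].lower()
        entry = summary.setdefault(name, {
            "events": 0,
            "paths": set(),
            "verdicts": set(),
            "first": ev["ts"],
            "last": ev["ts"],
            "skipped": False,          # user chose "skip" at least once
            "known_tool": name in known_tools,
        })
        entry["events"] += 1
        entry["paths"].add(ev["obj"])
        entry["verdicts"].add(ev["verdict"])
        entry["first"] = min(entry["first"], ev["ts"])
        entry["last"] = max(entry["last"], ev["ts"])
        entry["skipped"] = entry["skipped"] or ev["kind"] == "Untreated"
    return summary


def report(summary):
    """Format the summary, most frequently reported object first."""
    lines = []
    for name, e in sorted(summary.items(), key=lambda kv: -kv[1]["events"]):
        tag = "requested tool" if e["known_tool"] else "needs review"
        lines.append(
            f"{name}: {e['events']} event(s), {len(e['paths'])} location(s), "
            f"{'/'.join(sorted(e['verdicts']))}, {tag}"
            + (", skipped by user" if e["skipped"] else "")
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(parse_events(SAMPLE))))
```

Entries tagged "needs review" are the ones to raise with the helper; a name match against `KNOWN_TOOLS` only says the file has the expected name, not that it is the genuine tool.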


----------



## mmddevansville (May 30, 2011)

That is wonderful news.....so these others in Kaspersky may not be much at all then!! I just now dumped the recycle bin and we were having a bit of problems here with the internet company outage, however everything is fixed and the rep on the phone reassured me that it has nothing to do with what we're doing here...panicked a bit but am ready to go now....I found the page where we left off finally...this is a huge site to navigate for me but I am getting there Cookie...Scan is at 54% right now and on high security instead of medium where those guys at Best buy put it when they installed. I had not even touched it...


----------



## mmddevansville (May 30, 2011)

Should I shut down the Kaspersky scan?? I already have the pyramid icon one going..oh no I hope I didn't screw this one up...


----------



## Cookiegal (Aug 27, 2003)

If you have a Kaspersky scan going then emptying the recycle bin then let it continue until it's finished and then post the new log. Then also please do the latest instructions I posted to download and run OTS.


----------



## mmddevansville (May 30, 2011)

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II P340 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 2810 Mb
Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250 , 256 Mb
Hard Drives: C: Total - 287355 MB, Free - 238798 MB; D: Total - 17584 MB, Free - 2504 MB; 
Motherboard: Hewlett-Packard, 1444, 69.26, P X210 01 1Z ZU EQI
Antivirus: Kaspersky Anti-Virus, Updated and Enabled


----------



## mmddevansville (May 30, 2011)

This cannot be it let me go back and paste it..sorry cookie


----------



## mmddevansville (May 30, 2011)

Looks like I have to do the scan again I am turning Kaspersky off, as I could not see what you wrote anyway I will look again to see about the one I saved from the pyramid, I am sure I saved it and maybe its that I did not find notepad, I looked in my doc.'s This shouldn't take too long....thanks cookie you are the greatest.


----------



## mmddevansville (May 30, 2011)

Here it is cookie sorry it took so long!!


```
OTS logfile created on: 6/2/2011 9:57:32 AM - Run 2
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.62 Gb Total Space | 233.18 Gb Free Space | 83.09% Space Free | Partition Type: NTFS
Drive D: | 17.17 Gb Total Space | 2.45 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-HP
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> [2011/06/02 09:56:19 | 000,645,632 | ---- | M] (OldTimer Tools)
mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
googletoolbaruser_32.exe -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe -> [2011/05/25 11:58:53 | 000,307,376 | ---- | M] (Google Inc.)
flashutil10q_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -> [2011/05/25 11:54:25 | 000,240,288 | ---- | M] (Adobe Systems, Inc.)
installiqupdater.exe -> C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe -> [2011/05/10 16:03:16 | 001,205,760 | ---- | M] (W3i, LLC)
psia.exe -> C:\Program Files (x86)\Secunia\PSI\psia.exe -> [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia)
sua.exe -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia)
psi_tray.exe -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe -> [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia)
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
hpmsgsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe -> [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwmisvc.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -> [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -> [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
 
[Modules - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> [2011/06/02 09:56:19 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD)
64bit-(RtVOsdService)  [Auto | Running] -> C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -> [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(HP Wireless Assistant Service)  [Disabled | Stopped] -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -> [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company)
64bit-(AERTFilters)  [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
(Secunia PSI Agent) Secunia PSI Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\PSIA.exe -> [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia)
(Secunia Update Agent) Secunia Update Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia)
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
(HPWMISVC) HPWMISVC [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -> [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -> [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
(CinemaNow Service) CinemaNow Service [Disabled | Stopped] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            )
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2010/10/01 11:37:40 | 000,556,120 | ---- | M] (Kaspersky Lab)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\BCMWL664.SYS -> [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation)
64bit-(PSI) PSI [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia)
64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated)
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab)
64bit-(amdsata) amdsata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell)
64bit-(netw5v64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netw5v64.sys -> [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{D3D233D5-9F6D-436C-B6C7-E63F77503B30}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN -> 
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2011/05/26 20:06:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\] -> [2011/05/26 20:07:16 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2011\FFEXT\[email protected]] -> [2011/05/31 13:02:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2011\FFEXT\[email protected]] -> [2011/05/31 13:02:12 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 21:27:50 | 000,061,624 | ---- | M] (Kaspersky Lab ZAO)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2011/05/25 11:58:10 | 000,409,776 | ---- | M] (Google Inc.)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 21:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{28387537-e3f9-4ed7-860c-11e69af4a8a0} [HKLM] ->  [MediaBar] -> File not found
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 21:27:00 | 000,068,280 | ---- | M] (Kaspersky Lab ZAO)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll [Bing Bar BHO] -> [2010/11/12 17:27:20 | 000,612,616 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 21:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} [HKLM] -> C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll [NetAssistantBHO Class] -> [2010/11/09 10:21:18 | 000,371,320 | ---- | M] (W3i, LLC)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2011/05/25 11:58:10 | 000,409,776 | ---- | M] (Google Inc.)
"10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}" [HKLM] ->  [MediaBar] -> File not found
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll [@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100] -> [2010/11/12 17:27:20 | 000,612,616 | ---- | M] (Microsoft Corporation)
"10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HPWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden] -> [2010/06/18 18:26:18 | 000,008,192 | ---- | M] ()
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s] -> [2011/03/20 15:57:27 | 006,489,704 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"] -> [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
"HP Quick Launch" -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe] -> [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"InstallIQUpdater" -> C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe ["C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun] -> [2011/05/10 16:03:16 | 001,205,760 | ---- | M] (W3i, LLC)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [28] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html] -> [2011/05/25 11:58:37 | 001,968,304 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html] -> [2011/05/25 11:58:37 | 001,968,304 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 21:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 21:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 21:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 21:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0971C9A0-5EF9-4006-B583-0534F8AF2AF6}\\DhcpNameServer -> 192.168.2.1   (Realtek PCIe FE Family Controller) -> 
{8A77247A-8A94-42E9-8DD7-4FB12D1D9AE6}\\DhcpNameServer -> 192.168.2.1   (Broadcom 4313 802.11b/g/n) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll ->  -> File not found
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> C:\Windows\SysNative\klogon.dll -> [2010/10/05 21:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0F29A4FF-9D5E-4A92-9EAF-509DFFC80013} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{12C664A2-FB09-4655-B24C-E7855E6EFB94} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{13839D9A-FB7D-402C-A046-46B25511178A} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{2616FF4E-2660-4FB7-B589-6412965A92C9} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{35835AD4-1CAD-4AA1-BAD0-32D5537CCB5A} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{51E09F63-E85A-49C6-92F3-2D1868757309} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{5490CF0D-5128-4C1F-9CEF-10AD4FEFB294} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{67131FC1-CC20-4C8D-A44E-043EFB141800} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{6BA96735-0F34-4496-8914-4DB7129B461D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{6CE564EE-E7F7-4699-B04B-A68D3329E72D} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{6E0B9C59-FCC4-4364-A027-D9EF201A93C5} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{6F70D903-3A04-495D-B9FE-667BFAF311A9} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{95A32AE8-A519-450B-9B72-B0CC9AF7366D} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{9D964924-7CB3-45E1-BAE0-D44008C2284B} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{A168E357-32CF-4705-A97F-947113ED4C5A} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{A879F345-3BE3-4B7E-AFBF-2E663FAD3394} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{C03FD88D-D243-4628-9DF9-38CEFAD11E7A} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{C3425495-D995-452C-8B9E-3462BA9B6F4E} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{C94172EA-2839-4AA8-B8BD-6D04F2CCC097} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{D14042DE-0B2F-4D05-81D6-A40C3C4A6869} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{EAC1B51E-1624-4B35-A7E0-496723C25AD0} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{F8743194-347A-4120-A555-FA69A800A8D9} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{F8CF256D-3A5C-443A-96C5-70787BC719DF} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{10262EC5-A6E7-4A05-8569-3273D1874D0A} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{1A3D528A-30A3-4319-BF97-E9CBAC37CF3A} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{1E909BD9-8ED7-4681-ABBA-B04D1AE24898} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{1F6EA44C-A95A-43C0-BC69-F66D8E28B0B7} -> profile=public | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{37C51B4A-7630-4596-93DD-58C8D82A54EB} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{39FC1912-B142-4323-9764-AC2F4B4C6839} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{46D68AA0-7E9E-4C66-B5AB-F0C46B90F087} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{5749CC31-D695-4A20-85AA-0E98F424BB8D} -> profile=public | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{5ACD4E8B-27FD-47BE-B35B-F597282ED87C} -> profile=public | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{607B9267-F31A-40FE-9EFD-85D0E6A75AD5} -> profile=public | protocol=17 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{646B0565-563B-4F41-BD72-0914E71AA453} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{75E6DE8A-7336-400F-AD83-FA25D047B151} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{8AA8DD53-FE5A-4ACA-AB97-63C15CADCB27} -> profile=public | protocol=6 | dir=out | action=allow | [email protected],-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{8D41A220-B250-457A-B3D5-544AC814AC6D} -> profile=public | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{941E5132-BE18-4120-BC27-AAB2C78552D4} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{A9181A34-EF91-4F43-BF79-031C620F0598} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{AA288E5D-70B7-45E8-A33C-2B45D4878A43} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
{BA02EF4D-E6A1-4F11-9055-95BE43CDDE92} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
{C43C7705-CD50-47D6-BB00-5C079FF823F1} -> profile=public | protocol=6 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2011/06/01 12:42:42 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2011/06/01 12:42:42 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2011/06/01 12:42:42 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.)
 Malwarebytes -> C:\Users\Owner\AppData\Roaming\Malwarebytes -> [2011/06/01 12:13:31 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/06/01 12:13:26 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/06/01 12:13:26 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/06/01 12:13:26 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/06/01 12:13:23 | 000,025,912 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/06/01 12:13:23 | 000,000,000 | ---D | C]
 com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1 -> C:\Users\Owner\AppData\Roaming\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1 -> [2011/05/29 21:48:21 | 000,000,000 | ---D | C]
 Multiply -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multiply -> [2011/05/29 21:48:11 | 000,000,000 | ---D | C]
 Multiply -> C:\Program Files (x86)\Multiply -> [2011/05/29 21:48:02 | 000,000,000 | ---D | C]
 MSN Toolbar -> C:\Program Files (x86)\MSN Toolbar -> [2011/05/26 20:05:59 | 000,000,000 | ---D | C]
 Microsoft Office -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -> [2011/05/26 20:00:44 | 000,000,000 | ---D | C]
 WindowsUpdate -> C:\Users\Owner\AppData\Local\WindowsUpdate -> [2011/05/26 19:51:25 | 000,000,000 | ---D | C]
 Secunia CSI -> C:\Users\Owner\AppData\Local\Secunia CSI -> [2011/05/26 19:49:19 | 000,000,000 | ---D | C]
 Secunia PSI -> C:\Users\Owner\AppData\Local\Secunia PSI -> [2011/05/26 19:48:00 | 000,000,000 | ---D | C]
 Secunia -> C:\Program Files (x86)\Secunia -> [2011/05/26 19:41:40 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\Owner\AppData\Roaming\Windows Live Writer -> [2011/05/26 18:06:13 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\Owner\AppData\Local\Windows Live Writer -> [2011/05/26 18:06:13 | 000,000,000 | ---D | C]
 My Weblog Posts -> C:\Users\Owner\Documents\My Weblog Posts -> [2011/05/26 18:06:13 | 000,000,000 | ---D | C]
 Google -> C:\Users\Owner\AppData\Roaming\Google -> [2011/05/25 11:56:27 | 000,000,000 | ---D | C]
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/05/25 11:54:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)
 Google -> C:\Program Files\Google -> [2011/05/25 11:47:55 | 000,000,000 | ---D | C]
 Google -> C:\ProgramData\Google -> [2011/05/25 11:47:42 | 000,000,000 | ---D | C]
 Google -> C:\Program Files (x86)\Google -> [2011/05/25 11:47:42 | 000,000,000 | ---D | C]
 Diskdump.sys -> C:\Windows\SysNative\drivers\Diskdump.sys -> [2011/05/25 07:19:12 | 000,027,520 | ---- | C] (Microsoft Corporation)
 Safari -> C:\Program Files (x86)\Safari -> [2011/05/23 17:49:55 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Users\Owner\AppData\Local\Apple Computer -> [2011/05/23 14:20:09 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Users\Owner\AppData\Roaming\Apple Computer -> [2011/05/23 14:20:08 | 000,000,000 | ---D | C]
 iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/05/23 14:20:02 | 000,000,000 | ---D | C]
 GEARAspi64.dll -> C:\Windows\SysNative\GEARAspi64.dll -> [2011/05/23 14:19:28 | 000,126,312 | ---- | C] (GEAR Software Inc.)
 GEARAspi.dll -> C:\Windows\SysWow64\GEARAspi.dll -> [2011/05/23 14:19:28 | 000,107,368 | ---- | C] (GEAR Software Inc.)
 GEARAspiWDM.sys -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2011/05/23 14:19:28 | 000,034,152 | ---- | C] (GEAR Software Inc.)
 iPod -> C:\Program Files\iPod -> [2011/05/23 14:18:35 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2011/05/23 14:18:34 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files (x86)\iTunes -> [2011/05/23 14:18:34 | 000,000,000 | ---D | C]
 {93E26451-CD9A-43A5-A2FA-C42392EA4001} -> C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> [2011/05/23 14:18:34 | 000,000,000 | ---D | C]
 QuickTime -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime -> [2011/05/23 14:15:15 | 000,000,000 | ---D | C]
 QuickTime -> C:\Program Files (x86)\QuickTime -> [2011/05/23 14:15:03 | 000,000,000 | ---D | C]
 Apple Computer -> C:\ProgramData\Apple Computer -> [2011/05/23 14:15:03 | 000,000,000 | ---D | C]
 Apple -> C:\Users\Owner\AppData\Local\Apple -> [2011/05/23 14:14:45 | 000,000,000 | ---D | C]
 Apple Software Update -> C:\Program Files (x86)\Apple Software Update -> [2011/05/23 14:14:41 | 000,000,000 | ---D | C]
 Apple -> C:\Program Files\Common Files\Apple -> [2011/05/23 14:14:16 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files\Bonjour -> [2011/05/23 14:13:57 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files (x86)\Bonjour -> [2011/05/23 14:13:57 | 000,000,000 | ---D | C]
 Apple -> C:\ProgramData\Apple -> [2011/05/23 14:13:23 | 000,000,000 | ---D | C]
 Apple -> C:\Program Files (x86)\Common Files\Apple -> [2011/05/23 14:13:23 | 000,000,000 | ---D | C]
 poqexec.exe -> C:\Windows\SysNative\poqexec.exe -> [2011/05/23 10:16:29 | 000,142,336 | ---- | C] (Microsoft Corporation)
 poqexec.exe -> C:\Windows\SysWow64\poqexec.exe -> [2011/05/23 10:16:29 | 000,123,904 | ---- | C] (Microsoft Corporation)
 ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2011/05/23 10:12:48 | 003,695,416 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysWow64\jscript9.dll -> [2011/05/23 10:12:48 | 001,797,632 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2011/05/23 10:12:48 | 001,427,456 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/05/23 10:12:48 | 000,716,800 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2011/05/23 10:12:48 | 000,580,608 | ---- | C] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2011/05/23 10:12:48 | 000,434,176 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysWow64\html.iec -> [2011/05/23 10:12:48 | 000,367,104 | ---- | C] (Microsoft Corporation)
 dxtmsft.dll -> C:\Windows\SysWow64\dxtmsft.dll -> [2011/05/23 10:12:48 | 000,353,792 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2011/05/23 10:12:48 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2011/05/23 10:12:48 | 000,227,840 | ---- | C] (Microsoft Corporation)
 dxtrans.dll -> C:\Windows\SysWow64\dxtrans.dll -> [2011/05/23 10:12:48 | 000,223,232 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2011/05/23 10:12:48 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2011/05/23 10:12:48 | 000,163,840 | ---- | C] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2011/05/23 10:12:48 | 000,162,304 | ---- | C] (Microsoft Corporation)
 msls31.dll -> C:\Windows\SysWow64\msls31.dll -> [2011/05/23 10:12:48 | 000,161,792 | ---- | C] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2011/05/23 10:12:48 | 000,152,064 | ---- | C] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2011/05/23 10:12:48 | 000,150,528 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2011/05/23 10:12:48 | 000,142,848 | ---- | C] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2011/05/23 10:12:48 | 000,130,560 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysWow64\occache.dll -> [2011/05/23 10:12:48 | 000,123,392 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2011/05/23 10:12:48 | 000,118,784 | ---- | C] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysWow64\IEAdvpack.dll -> [2011/05/23 10:12:48 | 000,110,592 | ---- | C] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2011/05/23 10:12:48 | 000,101,888 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2011/05/23 10:12:48 | 000,086,528 | ---- | C] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2011/05/23 10:12:48 | 000,078,848 | ---- | C] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2011/05/23 10:12:48 | 000,076,800 | ---- | C] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2011/05/23 10:12:48 | 000,074,752 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2011/05/23 10:12:48 | 000,074,752 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2011/05/23 10:12:48 | 000,074,240 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/05/23 10:12:48 | 000,072,704 | ---- | C] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2011/05/23 10:12:48 | 000,066,048 | ---- | C] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2011/05/23 10:12:48 | 000,063,488 | ---- | C] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2011/05/23 10:12:48 | 000,054,272 | ---- | C] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2011/05/23 10:12:48 | 000,048,640 | ---- | C] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysWow64\imgutil.dll -> [2011/05/23 10:12:48 | 000,035,840 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2011/05/23 10:12:48 | 000,031,744 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2011/05/23 10:12:48 | 000,023,552 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2011/05/23 10:12:48 | 000,010,752 | ---- | C] (Microsoft Corporation)
 msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2011/05/23 10:12:47 | 000,222,208 | ---- | C] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2011/05/23 10:12:47 | 000,089,088 | ---- | C] (Microsoft Corporation)
 ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2011/05/23 10:12:46 | 003,695,416 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2011/05/23 10:12:46 | 002,303,488 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2011/05/23 10:12:46 | 001,492,992 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2011/05/23 10:12:46 | 000,818,176 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2011/05/23 10:12:46 | 000,697,344 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2011/05/23 10:12:46 | 000,603,648 | ---- | C] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2011/05/23 10:12:46 | 000,534,528 | ---- | C] (Microsoft Corporation)
 dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2011/05/23 10:12:46 | 000,452,608 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysNative\html.iec -> [2011/05/23 10:12:46 | 000,448,512 | ---- | C] (Microsoft Corporation)
 dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2011/05/23 10:12:46 | 000,282,112 | ---- | C] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2011/05/23 10:12:46 | 000,267,776 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2011/05/23 10:12:46 | 000,248,320 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2011/05/23 10:12:46 | 000,236,544 | ---- | C] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2011/05/23 10:12:46 | 000,197,120 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2011/05/23 10:12:46 | 000,173,056 | ---- | C] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2011/05/23 10:12:46 | 000,165,888 | ---- | C] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2011/05/23 10:12:46 | 000,163,840 | ---- | C] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2011/05/23 10:12:46 | 000,160,256 | ---- | C] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2011/05/23 10:12:46 | 000,160,256 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysNative\occache.dll -> [2011/05/23 10:12:46 | 000,149,504 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2011/05/23 10:12:46 | 000,145,920 | ---- | C] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysNative\IEAdvpack.dll -> [2011/05/23 10:12:46 | 000,135,168 | ---- | C] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2011/05/23 10:12:46 | 000,114,176 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2011/05/23 10:12:46 | 000,111,616 | ---- | C] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2011/05/23 10:12:46 | 000,103,936 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2011/05/23 10:12:46 | 000,096,256 | ---- | C] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2011/05/23 10:12:46 | 000,091,648 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2011/05/23 10:12:46 | 000,089,088 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2011/05/23 10:12:46 | 000,085,504 | ---- | C] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2011/05/23 10:12:46 | 000,082,432 | ---- | C] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2011/05/23 10:12:46 | 000,076,800 | ---- | C] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2011/05/23 10:12:46 | 000,065,024 | ---- | C] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2011/05/23 10:12:46 | 000,049,664 | ---- | C] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2011/05/23 10:12:46 | 000,048,640 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2011/05/23 10:12:46 | 000,039,936 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2011/05/23 10:12:46 | 000,030,720 | ---- | C] (Microsoft Corporation)
 mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2011/05/23 10:12:46 | 000,012,288 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2011/05/23 10:12:46 | 000,010,752 | ---- | C] (Microsoft Corporation)
 AI_RecycleBin -> C:\Windows\SysWow64\AI_RecycleBin -> [2011/05/18 07:51:45 | 000,000,000 | -HSD | C]
 W3i -> C:\Program Files (x86)\W3i -> [2011/05/18 07:51:44 | 000,000,000 | ---D | C]
 InstallIQ Updater -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater -> [2011/05/18 07:51:44 | 000,000,000 | ---D | C]
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2011/05/11 19:06:53 | 005,562,240 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2011/05/11 19:06:51 | 003,967,872 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2011/05/11 19:06:51 | 003,912,576 | ---- | C] (Microsoft Corporation)
 usbd.sys -> C:\Windows\SysNative\drivers\usbd.sys -> [2011/05/11 19:06:47 | 000,007,936 | ---- | C] (Microsoft Corporation)
 usbport.sys -> C:\Windows\SysNative\drivers\usbport.sys -> [2011/05/11 11:16:10 | 000,325,120 | ---- | C] (Microsoft Corporation)
 Michael SS -> C:\Users\Owner\Documents\Michael SS -> [2011/05/06 10:48:01 | 000,000,000 | ---D | C]
 Diane tax -> C:\Users\Owner\Documents\Diane tax -> [2011/05/06 10:46:46 | 000,000,000 | ---D | C]
 HM CARE -> C:\Users\Owner\Documents\HM CARE -> [2011/05/06 10:44:10 | 000,000,000 | ---D | C]
 Unemployment claims -> C:\Users\Owner\Documents\Unemployment claims -> [2011/05/06 10:33:03 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/06/02 09:53:00 | 000,000,896 | ---- | M] ()
 KLIF.spi -> C:\Windows\KLIF.spi -> [2011/06/02 09:50:16 | 000,001,754 | -HS- | M] ()
 tech support.url -> C:\Users\Owner\Desktop\tech support.url -> [2011/06/02 07:48:09 | 000,000,178 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/02 07:26:34 | 000,023,024 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/02 07:26:34 | 000,023,024 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/06/02 07:16:30 | 000,000,892 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/02 07:16:15 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/06/02 07:16:08 | 2210,582,528 | -HS- | M] ()
 Tech Support Guy Forums - Re Diane Woodson, Evansville, IN, USA.url -> C:\Users\Owner\Desktop\Tech Support Guy Forums - Re Diane Woodson, Evansville, IN, USA.url -> [2011/06/01 15:42:41 | 000,000,206 | ---- | M] ()
 Playlist.com  Michael.url -> C:\Users\Owner\Desktop\Playlist.com  Michael.url -> [2011/06/01 15:17:18 | 000,000,200 | ---- | M] ()
 Document.rtf -> C:\Users\Owner\Desktop\Document.rtf -> [2011/06/01 14:31:20 | 000,000,182 | R--- | M] ()
 Adobe unexpected things... - Page 4 - Tech Support Guy Forums.url -> C:\Users\Owner\Desktop\Adobe unexpected things... - Page 4 - Tech Support Guy Forums.url -> [2011/06/01 14:20:22 | 000,000,250 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/06/01 13:23:37 | 000,001,089 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/06/01 13:20:27 | 000,001,065 | ---- | M] ()
 Tech Support Forum  Experts Online now for FREE Support!.url -> C:\Users\Owner\Desktop\Tech Support Forum  Experts Online now for FREE Support!.url -> [2011/06/01 13:00:32 | 000,000,121 | ---- | M] ()
 deployJava1.dll -> C:\Windows\SysNative\deployJava1.dll -> [2011/06/01 12:42:35 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2011/06/01 12:42:35 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2011/06/01 12:42:35 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2011/06/01 12:42:35 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.)
 HijackThis - Trend Micro USA.url -> C:\Users\Owner\Desktop\HijackThis - Trend Micro USA.url -> [2011/06/01 10:41:23 | 000,000,186 | ---- | M] ()
 My Profile - Community.url -> C:\Users\Owner\Desktop\My Profile - Community.url -> [2011/06/01 07:25:57 | 000,000,198 | ---- | M] ()
 What is patch - A Word Definition From the Webopedia Computer Dictionary.url -> C:\Users\Owner\Desktop\What is patch - A Word Definition From the Webopedia Computer Dictionary.url -> [2011/05/31 17:05:27 | 000,000,191 | ---- | M] ()
 Citibank Online Consumer Card - Enter Information.url -> C:\Users\Owner\Desktop\Citibank Online Consumer Card - Enter Information.url -> [2011/05/31 16:51:22 | 000,000,263 | ---- | M] ()
 Question.url -> C:\Users\Owner\Desktop\Question.url -> [2011/05/31 13:45:52 | 000,000,239 | ---- | M] ()
 Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2011/05/31 08:29:19 | 000,001,974 | ---- | M] ()
 Vectren bill Info.url -> C:\Users\Owner\Desktop\Vectren bill Info.url -> [2011/05/30 16:36:13 | 000,000,199 | ---- | M] ()
 Unemp;oyment.url -> C:\Users\Owner\Desktop\Unemp;oyment.url -> [2011/05/30 16:35:33 | 000,000,195 | ---- | M] ()
 Multiply AutoUploader.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Multiply AutoUploader.lnk -> [2011/05/29 21:48:29 | 000,001,311 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/05/29 21:42:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation)
 Secunia PSI Tray.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk -> [2011/05/26 19:42:45 | 000,001,062 | ---- | M] ()
 Computer reset.url -> C:\Users\Owner\Desktop\Computer reset.url -> [2011/05/26 10:05:52 | 000,000,200 | ---- | M] ()
 resmon.resmoncfg -> C:\Users\Owner\AppData\Local\resmon.resmoncfg -> [2011/05/25 11:06:39 | 000,000,017 | ---- | M] ()
 Hotmail.url -> C:\Users\Owner\Desktop\Hotmail.url -> [2011/05/25 09:31:15 | 000,000,226 | ---- | M] ()
 University of Evansville.url -> C:\Users\Owner\Desktop\University of Evansville.url -> [2011/05/24 20:31:30 | 000,000,176 | ---- | M] ()
 Explorer 9.url -> C:\Users\Owner\Desktop\Explorer 9.url -> [2011/05/24 20:08:44 | 000,000,215 | ---- | M] ()
 Search and find the latest information on john frieda at cvs.com.url -> C:\Users\Owner\Desktop\Search and find the latest information on john frieda at cvs.com.url -> [2011/05/24 19:58:30 | 000,000,364 | ---- | M] ()
 Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2011/05/24 07:15:56 | 000,002,491 | ---- | M] ()
 Apple Safari.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/05/23 17:50:01 | 000,002,515 | ---- | M] ()
 iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/05/23 14:20:02 | 000,001,743 | ---- | M] ()
 QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2011/05/23 14:15:15 | 000,001,805 | ---- | M] ()
 klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011/05/23 12:24:08 | 000,152,233 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2011/05/23 10:14:35 | 000,001,393 | ---- | M] ()
 ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2011/05/23 10:12:48 | 003,695,416 | ---- | M] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysWow64\jscript9.dll -> [2011/05/23 10:12:48 | 001,797,632 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2011/05/23 10:12:48 | 001,427,456 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/05/23 10:12:48 | 000,716,800 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2011/05/23 10:12:48 | 000,580,608 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2011/05/23 10:12:48 | 000,434,176 | ---- | M] (Microsoft Corporation)
 html.iec -> C:\Windows\SysWow64\html.iec -> [2011/05/23 10:12:48 | 000,367,104 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\Windows\SysWow64\dxtmsft.dll -> [2011/05/23 10:12:48 | 000,353,792 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2011/05/23 10:12:48 | 000,231,936 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2011/05/23 10:12:48 | 000,227,840 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\Windows\SysWow64\dxtrans.dll -> [2011/05/23 10:12:48 | 000,223,232 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2011/05/23 10:12:48 | 000,176,640 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2011/05/23 10:12:48 | 000,163,840 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2011/05/23 10:12:48 | 000,162,304 | ---- | M] (Microsoft Corporation)
 msls31.dll -> C:\Windows\SysWow64\msls31.dll -> [2011/05/23 10:12:48 | 000,161,792 | ---- | M] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2011/05/23 10:12:48 | 000,152,064 | ---- | M] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2011/05/23 10:12:48 | 000,150,528 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2011/05/23 10:12:48 | 000,142,848 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2011/05/23 10:12:48 | 000,130,560 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysWow64\occache.dll -> [2011/05/23 10:12:48 | 000,123,392 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2011/05/23 10:12:48 | 000,118,784 | ---- | M] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysWow64\IEAdvpack.dll -> [2011/05/23 10:12:48 | 000,110,592 | ---- | M] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2011/05/23 10:12:48 | 000,101,888 | ---- | M] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2011/05/23 10:12:48 | 000,086,528 | ---- | M] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2011/05/23 10:12:48 | 000,078,848 | ---- | M] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2011/05/23 10:12:48 | 000,076,800 | ---- | M] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2011/05/23 10:12:48 | 000,074,752 | ---- | M] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2011/05/23 10:12:48 | 000,074,752 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2011/05/23 10:12:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
 ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2011/05/23 10:12:48 | 000,072,822 | ---- | M] ()
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/05/23 10:12:48 | 000,072,704 | ---- | M] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2011/05/23 10:12:48 | 000,066,048 | ---- | M] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2011/05/23 10:12:48 | 000,063,488 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2011/05/23 10:12:48 | 000,054,272 | ---- | M] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2011/05/23 10:12:48 | 000,048,640 | ---- | M] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysWow64\imgutil.dll -> [2011/05/23 10:12:48 | 000,035,840 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2011/05/23 10:12:48 | 000,031,744 | ---- | M] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2011/05/23 10:12:48 | 000,023,552 | ---- | M] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2011/05/23 10:12:48 | 000,010,752 | ---- | M] (Microsoft Corporation)
 msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2011/05/23 10:12:47 | 000,222,208 | ---- | M] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2011/05/23 10:12:47 | 000,089,088 | ---- | M] (Microsoft Corporation)
 ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2011/05/23 10:12:46 | 003,695,416 | ---- | M] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2011/05/23 10:12:46 | 002,303,488 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2011/05/23 10:12:46 | 001,492,992 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2011/05/23 10:12:46 | 000,818,176 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2011/05/23 10:12:46 | 000,697,344 | ---- | M] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2011/05/23 10:12:46 | 000,603,648 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2011/05/23 10:12:46 | 000,534,528 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2011/05/23 10:12:46 | 000,452,608 | ---- | M] (Microsoft Corporation)
 html.iec -> C:\Windows\SysNative\html.iec -> [2011/05/23 10:12:46 | 000,448,512 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2011/05/23 10:12:46 | 000,282,112 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2011/05/23 10:12:46 | 000,267,776 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2011/05/23 10:12:46 | 000,248,320 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2011/05/23 10:12:46 | 000,236,544 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2011/05/23 10:12:46 | 000,197,120 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2011/05/23 10:12:46 | 000,173,056 | ---- | M] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2011/05/23 10:12:46 | 000,165,888 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2011/05/23 10:12:46 | 000,163,840 | ---- | M] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2011/05/23 10:12:46 | 000,160,256 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2011/05/23 10:12:46 | 000,160,256 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysNative\occache.dll -> [2011/05/23 10:12:46 | 000,149,504 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2011/05/23 10:12:46 | 000,145,920 | ---- | M] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysNative\IEAdvpack.dll -> [2011/05/23 10:12:46 | 000,135,168 | ---- | M] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2011/05/23 10:12:46 | 000,114,176 | ---- | M] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2011/05/23 10:12:46 | 000,111,616 | ---- | M] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2011/05/23 10:12:46 | 000,103,936 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2011/05/23 10:12:46 | 000,096,256 | ---- | M] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2011/05/23 10:12:46 | 000,091,648 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2011/05/23 10:12:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2011/05/23 10:12:46 | 000,085,504 | ---- | M] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2011/05/23 10:12:46 | 000,082,432 | ---- | M] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2011/05/23 10:12:46 | 000,076,800 | ---- | M] (Microsoft Corporation)
 ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2011/05/23 10:12:46 | 000,072,822 | ---- | M] ()
 pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2011/05/23 10:12:46 | 000,065,024 | ---- | M] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2011/05/23 10:12:46 | 000,049,664 | ---- | M] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2011/05/23 10:12:46 | 000,048,640 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2011/05/23 10:12:46 | 000,039,936 | ---- | M] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2011/05/23 10:12:46 | 000,030,720 | ---- | M] (Microsoft Corporation)
 mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2011/05/23 10:12:46 | 000,012,288 | ---- | M] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2011/05/23 10:12:46 | 000,010,752 | ---- | M] (Microsoft Corporation)
 http--www.cyberlink.com-downloads-trials-streamauthor-requirements_en_US.html.url -> C:\Users\Owner\Desktop\http--www.cyberlink.com-downloads-trials-streamauthor-requirements_en_US.html.url -> [2011/05/22 14:25:21 | 000,000,227 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/05/22 11:16:06 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/05/22 11:16:06 | 000,624,178 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/05/22 11:16:06 | 000,106,522 | ---- | M] ()
 Insight Broadband.url -> C:\Users\Owner\Desktop\Insight Broadband.url -> [2011/05/19 09:16:13 | 000,000,174 | ---- | M] ()
 LoveShack.org Community Forums (2).url -> C:\Users\Owner\Documents\LoveShack.org Community Forums (2).url -> [2011/05/19 09:14:25 | 000,000,248 | ---- | M] ()
 The Year Without Summer - 1816 in Allegany County, NY.url -> C:\Users\Owner\Documents\The Year Without Summer - 1816 in Allegany County, NY.url -> [2011/05/16 13:34:30 | 000,000,246 | ---- | M] ()
 All Recipes.com.url -> C:\Users\Owner\Desktop\All Recipes.com.url -> [2011/05/16 13:16:03 | 000,000,177 | ---- | M] ()
 Horseshoe Southern Indiana.url -> C:\Users\Owner\Desktop\Horseshoe Southern Indiana.url -> [2011/05/16 13:11:59 | 000,000,329 | ---- | M] ()
 Pollen Count.url -> C:\Users\Owner\Desktop\Pollen Count.url -> [2011/05/16 12:47:59 | 000,000,360 | ---- | M] ()
 Crossword Heaven.url -> C:\Users\Owner\Desktop\Crossword Heaven.url -> [2011/05/06 18:20:55 | 000,000,183 | ---- | M] ()
 Crossword Solver.url -> C:\Users\Owner\Desktop\Crossword Solver.url -> [2011/05/06 18:20:22 | 000,000,208 | ---- | M] ()
 
[Files - No Company Name]
 KLIF.spi -> C:\Windows\KLIF.spi -> [2011/06/02 07:44:48 | 000,001,754 | -HS- | C] ()
 Tech Support Guy Forums - Re Diane Woodson, Evansville, IN, USA.url -> C:\Users\Owner\Desktop\Tech Support Guy Forums - Re Diane Woodson, Evansville, IN, USA.url -> [2011/06/01 15:42:41 | 000,000,206 | ---- | C] ()
 Adobe unexpected things... - Page 4 - Tech Support Guy Forums.url -> C:\Users\Owner\Desktop\Adobe unexpected things... - Page 4 - Tech Support Guy Forums.url -> [2011/06/01 14:20:22 | 000,000,250 | ---- | C] ()
 Document.rtf -> C:\Users\Owner\Desktop\Document.rtf -> [2011/06/01 13:54:06 | 000,000,182 | R--- | C] ()
 Tech Support Forum  Experts Online now for FREE Support!.url -> C:\Users\Owner\Desktop\Tech Support Forum  Experts Online now for FREE Support!.url -> [2011/06/01 13:00:32 | 000,000,121 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/06/01 12:13:26 | 000,001,089 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/06/01 12:13:26 | 000,001,065 | ---- | C] ()
 HijackThis - Trend Micro USA.url -> C:\Users\Owner\Desktop\HijackThis - Trend Micro USA.url -> [2011/06/01 10:41:22 | 000,000,186 | ---- | C] ()
 My Profile - Community.url -> C:\Users\Owner\Desktop\My Profile - Community.url -> [2011/06/01 07:25:39 | 000,000,198 | ---- | C] ()
 What is patch - A Word Definition From the Webopedia Computer Dictionary.url -> C:\Users\Owner\Desktop\What is patch - A Word Definition From the Webopedia Computer Dictionary.url -> [2011/05/31 17:05:27 | 000,000,191 | ---- | C] ()
 Citibank Online Consumer Card - Enter Information.url -> C:\Users\Owner\Desktop\Citibank Online Consumer Card - Enter Information.url -> [2011/05/31 16:51:22 | 000,000,263 | ---- | C] ()
 Question.url -> C:\Users\Owner\Desktop\Question.url -> [2011/05/31 13:45:52 | 000,000,239 | ---- | C] ()
 Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2011/05/31 08:29:19 | 000,001,974 | ---- | C] ()
 tech support.url -> C:\Users\Owner\Desktop\tech support.url -> [2011/05/31 07:49:07 | 000,000,178 | ---- | C] ()
 Multiply AutoUploader.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Multiply AutoUploader.lnk -> [2011/05/29 21:48:29 | 000,001,311 | ---- | C] ()
 Secunia PSI Tray.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk -> [2011/05/26 19:42:45 | 000,001,062 | ---- | C] ()
 Secunia PSI.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk -> [2011/05/26 19:42:44 | 000,001,025 | ---- | C] ()
 Secunia CSI.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secunia CSI.lnk -> [2011/05/26 19:41:41 | 000,001,043 | ---- | C] ()
 Computer reset.url -> C:\Users\Owner\Desktop\Computer reset.url -> [2011/05/26 10:05:51 | 000,000,200 | ---- | C] ()
 Playlist.com  Michael.url -> C:\Users\Owner\Desktop\Playlist.com  Michael.url -> [2011/05/26 08:12:19 | 000,000,200 | ---- | C] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/05/25 11:48:05 | 000,000,896 | ---- | C] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/05/25 11:48:04 | 000,000,892 | ---- | C] ()
 resmon.resmoncfg -> C:\Users\Owner\AppData\Local\resmon.resmoncfg -> [2011/05/25 11:06:39 | 000,000,017 | ---- | C] ()
 Hotmail.url -> C:\Users\Owner\Desktop\Hotmail.url -> [2011/05/25 09:31:15 | 000,000,226 | ---- | C] ()
 University of Evansville.url -> C:\Users\Owner\Desktop\University of Evansville.url -> [2011/05/24 20:31:30 | 000,000,176 | ---- | C] ()
 Explorer 9.url -> C:\Users\Owner\Desktop\Explorer 9.url -> [2011/05/24 20:08:44 | 000,000,215 | ---- | C] ()
 Search and find the latest information on john frieda at cvs.com.url -> C:\Users\Owner\Desktop\Search and find the latest information on john frieda at cvs.com.url -> [2011/05/24 19:58:30 | 000,000,364 | ---- | C] ()
 Apple Safari.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/05/23 17:50:01 | 000,002,515 | ---- | C] ()
 Safari.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk -> [2011/05/23 17:50:01 | 000,002,503 | ---- | C] ()
 Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2011/05/23 17:50:01 | 000,002,491 | ---- | C] ()
 iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/05/23 14:20:02 | 000,001,743 | ---- | C] ()
 QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2011/05/23 14:15:15 | 000,001,805 | ---- | C] ()
 Apple Software Update.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> [2011/05/23 14:14:41 | 000,002,519 | ---- | C] ()
 ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2011/05/23 10:12:48 | 000,072,822 | ---- | C] ()
 ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2011/05/23 10:12:46 | 000,072,822 | ---- | C] ()
 http--www.cyberlink.com-downloads-trials-streamauthor-requirements_en_US.html.url -> C:\Users\Owner\Desktop\http--www.cyberlink.com-downloads-trials-streamauthor-requirements_en_US.html.url -> [2011/05/22 14:25:21 | 000,000,227 | ---- | C] ()
 LoveShack.org Community Forums (2).url -> C:\Users\Owner\Documents\LoveShack.org Community Forums (2).url -> [2011/05/20 07:40:47 | 000,000,248 | ---- | C] ()
 The Year Without Summer - 1816 in Allegany County, NY.url -> C:\Users\Owner\Documents\The Year Without Summer - 1816 in Allegany County, NY.url -> [2011/05/20 07:40:18 | 000,000,246 | ---- | C] ()
 Insight Broadband.url -> C:\Users\Owner\Desktop\Insight Broadband.url -> [2011/05/19 09:16:13 | 000,000,174 | ---- | C] ()
 Pollen Count.url -> C:\Users\Owner\Desktop\Pollen Count.url -> [2011/05/16 12:47:59 | 000,000,360 | ---- | C] ()
 All Recipes.com.url -> C:\Users\Owner\Desktop\All Recipes.com.url -> [2011/05/06 16:37:02 | 000,000,177 | ---- | C] ()
 Canon_BJC4300_Manual.pdf -> C:\Users\Owner\Documents\Canon_BJC4300_Manual.pdf -> [2011/05/06 10:29:43 | 010,370,048 | ---- | C] ()
 GhostObjGAFix.xml -> C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml -> [2011/03/28 08:21:18 | 000,001,854 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2010/11/20 03:49:18 | 000,000,000 | ---- | C] ()
 RStoneLog2.ini -> C:\Windows\SysWow64\RStoneLog2.ini -> [2010/11/20 03:40:34 | 000,000,268 | ---- | C] ()
 RStoneLog.ini -> C:\Windows\SysWow64\RStoneLog.ini -> [2010/11/20 03:40:34 | 000,000,209 | ---- | C] ()
 HPWA.ini -> C:\Windows\SysWow64\HPWA.ini -> [2010/07/14 12:32:50 | 000,000,188 | ---- | C] ()
 HP Documentation.ini -> C:\Windows\SysWow64\HP Documentation.ini -> [2010/07/14 11:30:39 | 000,000,186 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2010/06/15 22:28:54 | 000,002,857 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
 igkrng400.bin -> C:\Windows\SysWow64\igkrng400.bin -> [2009/07/13 16:59:36 | 001,498,564 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
< End of report >
```


----------



## mmddevansville (May 30, 2011)

I have just gotten about 50 new threats and quarantined them. Do you need me to send this too?? diane


----------



## mmddevansville (May 30, 2011)

Cookiegal said:


> If you have a Kaspersky scan going then emptying the recycle bin then let it continue until it's finished and then post the new log. Then also please do the latest instructions I posted to download and run OTS.


My husband came home and I may be going out of town with him, so I will check every 15 or 20 minutes while I am doing things around the house in case you have any instructions for me...My Kaspersky is at 53 on a new scan right now and I did some things it said to a few minutes ago....looks like I had more to worry about than any old Adobe!!! Hope you had a good lunch!


----------



## Cookiegal (Aug 27, 2003)

Please post the report with the threats listed.


----------



## mmddevansville (May 30, 2011)

Hi Cookie, I will update in one hour when Kaspersky is completed

```
Date: Today (70)
6/2/2011 7:16:58 AM	Kaspersky Anti-Virus	IM Anti-Virus	Task started	IM Anti-Virus
6/2/2011 7:16:58 AM	Kaspersky Anti-Virus	File Anti-Virus	Task started	File Anti-Virus
6/2/2011 7:16:58 AM	Kaspersky Anti-Virus	Mail Anti-Virus	Task started	Mail Anti-Virus
6/2/2011 7:16:58 AM	Kaspersky Anti-Virus	Proactive Defense	Task started	Proactive Defense
6/2/2011 7:16:58 AM	Kaspersky Anti-Virus	Web Anti-Virus	Task started	Web Anti-Virus
6/2/2011 7:17:28 AM	Kaspersky Anti-Virus	Protection Center	Your computer is protected
6/2/2011 7:17:41 AM	Kaspersky Anti-Virus	Custom Scan	Task started	Full Scan
6/2/2011 7:30:30 AM	Host Process for Windows Services	File Anti-Virus	Processing error	C:\$EXTEND\$ObjId:$O:$INDEX_ALLOCATION	Read error
6/2/2011 7:31:30 AM	Kaspersky Anti-Virus	Custom Scan	Task started	Vulnerability Scan
6/2/2011 7:40:33 AM	Microsoft Windows Search Indexer	File Anti-Virus	Processing error	C:\$EXTEND\$Reparse:$R:$INDEX_ALLOCATION	Read error
6/2/2011 7:45:01 AM	Host Process for Windows Services	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 7:45:07 AM	Windows Problem Reporting	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 7:46:49 AM	Unknown	Protection Center	>>>To delete the file C:\Users\Owner\Local Settings\History\History.IE5\index.dat reboot is required
6/2/2011 7:46:49 AM	Unknown	Protection Center	>>>To delete the file C:\Users\Owner\Local Settings\Microsoft\Windows\History\History.IE5\index.dat reboot is required
6/2/2011 7:46:49 AM	Unknown	Protection Center	>>>To delete the file C:\Users\Owner\Local Settings\History\History.IE5\index.dat reboot is required
6/2/2011 7:46:49 AM	Unknown	Protection Center	>>>To delete the file C:\Users\Owner\Local Settings\Microsoft\Windows\History\History.IE5\index.dat reboot is required
6/2/2011 7:46:49 AM	Unknown	Protection Center	>>>To delete the file C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\index.dat reboot is required
6/2/2011 7:46:49 AM	Unknown	Protection Center	>>>To delete the file C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\index.dat reboot is required
6/2/2011 8:12:41 AM	Internet Explorer	Web Anti-Virus	Packed: Swf2Swc	http://www.myinsight.com/offers/100dayshdgiveaway/images/memory_game1c.swf
6/2/2011 8:12:56 AM	Internet Explorer	File Anti-Virus	Packed: Swf2Swc	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\Low\Content.IE5\KG837H9E\memory_game1c[1].swf
6/2/2011 8:14:38 AM	Kaspersky Anti-Virus	Custom Scan	Task completed	Vulnerability Scan
6/2/2011 8:17:16 AM	Internet Explorer	File Anti-Virus	Packed: Swf2Swc	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\Low\Content.IE5\KG837H9E\memory_game1c[1].swf
6/2/2011 8:54:56 AM	Tech Support Guy System Info Utility	Proactive Defense	Detected: PDM.Invader (loader)	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE
6/2/2011 8:54:56 AM	Tech Support Guy System Info Utility	Proactive Defense	Allowed: PDM.Invader (loader)	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE	Action selected according to the settings
6/2/2011 8:57:07 AM	Tech Support Guy System Info Utility	Proactive Defense	Detected: PDM.Invader (loader)	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE
6/2/2011 8:57:07 AM	Tech Support Guy System Info Utility	Proactive Defense	Allowed: PDM.Invader (loader)	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE	Action selected according to the settings
6/2/2011 9:49:58 AM	Windows Explorer	File Anti-Virus	Packed: UPX	C:\$Recycle.Bin\S-1-5-21-117643980-48443553-1900770038-1000\$RRKSUKT.pif
6/2/2011 9:49:58 AM	Windows Explorer	File Anti-Virus	Packed: UPX	C:\$Recycle.Bin\S-1-5-21-117643980-48443553-1900770038-1000\$RA3EOEI.scr
6/2/2011 9:50:02 AM	Kaspersky Anti-Virus	File Anti-Virus	Packed: UPX	C:\$Recycle.Bin\S-1-5-21-117643980-48443553-1900770038-1000\$RRKSUKT.pif
6/2/2011 9:50:16 AM	Kaspersky Anti-Virus	File Anti-Virus	Will be deleted on reboot: UDSangerousObject.Multi.Generic	C:\$Recycle.Bin\S-1-5-21-117643980-48443553-1900770038-1000\$RRKSUKT.pif
6/2/2011 9:55:49 AM	Internet Explorer	Web Anti-Virus	Packed: PE_Patch.PECompact	http://oldtimer.geekstogo.com/OTS.exe
6/2/2011 9:55:49 AM	Internet Explorer	Web Anti-Virus	Packed: PecBundle	http://oldtimer.geekstogo.com/OTS.exe//PE_Patch.PECompact
6/2/2011 9:55:49 AM	Internet Explorer	Web Anti-Virus	Packed: PECompact	http://oldtimer.geekstogo.com/OTS.exe//PE_Patch.PECompact//PecBundle
6/2/2011 9:55:51 AM	Host Process for Windows Services	File Anti-Virus	Packed: PE_Patch.PECompact	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\CONTENT.IE5\CMIWV54A\OTS.exe
6/2/2011 9:55:51 AM	Host Process for Windows Services	File Anti-Virus	Packed: PecBundle	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\CONTENT.IE5\CMIWV54A\OTS.exe/PE_Patch.PECompact
6/2/2011 9:55:51 AM	Host Process for Windows Services	File Anti-Virus	Packed: PECompact	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\Windows\Temporary Internet Files\CONTENT.IE5\CMIWV54A\OTS.exe/PE_Patch.PECompact/PecBundle
6/2/2011 9:55:59 AM	OTS.exe	Proactive Defense	Detected: PDM.Invader (loader)	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CMIWV54A\OTS.EXE
6/2/2011 9:55:59 AM	OTS.exe	Proactive Defense	Allowed: PDM.Invader (loader)	C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CMIWV54A\OTS.EXE	Action selected according to the settings
6/2/2011 9:56:12 AM	Internet Explorer	Web Anti-Virus	Packed: PE_Patch.PECompact	http://oldtimer.geekstogo.com/OTS.exe
6/2/2011 9:56:12 AM	Internet Explorer	Web Anti-Virus	Packed: PecBundle	http://oldtimer.geekstogo.com/OTS.exe//PE_Patch.PECompact
6/2/2011 9:56:12 AM	Internet Explorer	Web Anti-Virus	Packed: PECompact	http://oldtimer.geekstogo.com/OTS.exe//PE_Patch.PECompact//PecBundle
6/2/2011 9:56:23 AM	OTS.EXE	Proactive Defense	Detected: PDM.Invader (loader)	C:\USERS\OWNER\DOWNLOADS\OTS.EXE
6/2/2011 9:56:23 AM	OTS.EXE	Proactive Defense	Allowed: PDM.Invader (loader)	C:\USERS\OWNER\DOWNLOADS\OTS.EXE	Action selected according to the settings
6/2/2011 10:16:46 AM	OTS.EXE	Proactive Defense	Detected: PDM.Invader (loader)	C:\USERS\OWNER\DOWNLOADS\OTS.EXE
6/2/2011 10:16:46 AM	OTS.EXE	Proactive Defense	Allowed: PDM.Invader (loader)	C:\USERS\OWNER\DOWNLOADS\OTS.EXE	Action selected according to the settings
6/2/2011 10:18:02 AM	OTS.EXE	Proactive Defense	Detected: PDM.Invader (loader)	C:\USERS\OWNER\DOWNLOADS\OTS.EXE
6/2/2011 10:18:02 AM	OTS.EXE	Proactive Defense	Allowed: PDM.Invader (loader)	C:\USERS\OWNER\DOWNLOADS\OTS.EXE	Action selected according to the settings
6/2/2011 10:21:14 AM	Kaspersky Anti-Virus	Custom Scan	Task started	Critical Areas Scan
6/2/2011 10:28:08 AM	Kaspersky Anti-Virus	Custom Scan	Task completed	Critical Areas Scan
6/2/2011 10:46:33 AM	Kaspersky Anti-Virus	Update	Task started	Update
6/2/2011 10:47:57 AM	Kaspersky Anti-Virus	Update	Task completed	Update
6/2/2011 11:03:50 AM	Kaspersky Anti-Virus	IM Anti-Virus	Task started	IM Anti-Virus
6/2/2011 11:03:50 AM	Kaspersky Anti-Virus	Mail Anti-Virus	Task started	Mail Anti-Virus
6/2/2011 11:03:50 AM	Kaspersky Anti-Virus	Proactive Defense	Task started	Proactive Defense
6/2/2011 11:03:50 AM	Kaspersky Anti-Virus	File Anti-Virus	Task started	File Anti-Virus
6/2/2011 11:03:50 AM	Kaspersky Anti-Virus	Web Anti-Virus	Task started	Web Anti-Virus
6/2/2011 11:05:16 AM	Kaspersky Anti-Virus	Protection Center	Your computer is protected
6/2/2011 11:06:26 AM	Kaspersky Anti-Virus	Custom Scan	Task started	Full Scan
6/2/2011 11:18:24 AM	Host Process for Windows Services	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 11:18:25 AM	Windows Problem Reporting	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 11:18:43 AM	Host Process for Windows Services	File Anti-Virus	Processing error	C:\$EXTEND\$ObjId:$O:$INDEX_ALLOCATION	Read error
6/2/2011 11:23:39 AM	Kaspersky Anti-Virus	Custom Scan	Task started	Virus Scan
6/2/2011 11:24:00 AM	Kaspersky Anti-Virus	Custom Scan	Task stopped	Virus Scan
6/2/2011 11:32:07 AM	Windows Explorer	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 11:33:02 AM	Secunia PSI Agent	File Anti-Virus	Packed: UPX	C:\USERS\OWNER\DOWNLOADS\HijackThis.exe
6/2/2011 11:47:12 AM	Host Process for Windows Services	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 11:47:13 AM	Windows Problem Reporting	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 11:47:24 AM	Windows Problem Reporting	Self-Defense	Denied	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
6/2/2011 1:01:21 PM	Kaspersky Anti-Virus	Update	Task started	Update
6/2/2011 1:01:55 PM	Kaspersky Anti-Virus	Update	Task completed	Update
```

completed....thanks


----------



## mmddevansville (May 30, 2011)

Cookiegal said:


> If you have a Kaspersky scan going then emptying the recycle bin then let it continue until it's finished and then post the new log. Then also please do the latest instructions I posted to download and run OTS.


My posts have my name that when I reply to you not sure but hope you are getting these anyway...any problems and I will gladly resend!!! jeepers!!!!!!!!


----------



## mmddevansville (May 30, 2011)

I am not able to search from the techguy website and couldn't find anywhere else to write from....I am going to check and see if I can use any other like Google since I am thinking I should get the logs off the computer...just don't know what to do right now and am hoping to hear from you soon, I am sure you are very busy...see you...diane


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> installiqupdater.exe -> C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
[Registry - Safe List]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN
< HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts
YN -> Reset Hosts -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {28387537-e3f9-4ed7-860c-11e69af4a8a0} [HKLM] -> [MediaBar]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} [HKLM] -> C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll [NetAssistantBHO Class]
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{28387537-e3f9-4ed7-860c-11e69af4a8a0}" [HKLM] -> [MediaBar]
YN -> "10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
YY -> "InstallIQUpdater" -> C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe ["C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun]
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll -> 
YN -> C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
[Files/Folders - Created Within 30 Days]
NY ->  W3i -> C:\Program Files (x86)\W3i
NY ->  InstallIQ Updater -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```


----------



## mmddevansville (May 30, 2011)

It is running in the background, should I keep the ots program? thanks


----------



## mmddevansville (May 30, 2011)

I now have the notepad file waiting in case you need it sent to you...I had to wait for reboot so it took a bit of time....thanks diane


----------



## mmddevansville (May 30, 2011)

Did I send everything you needed?


----------



## mmddevansville (May 30, 2011)

I got it Cookie!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:06:12 PM, on 6/2/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11876 bytes


----------



## Cookiegal (Aug 27, 2003)

In Kaspersky click on Reports and then Detected Threats and post that report. The other is a lot of saying different components started and it's difficult to read. The only thing that's important is what was detected.


----------



## mmddevansville (May 30, 2011)

Date: Today (140) 
I am going back this is very difficult to figure out why it won't let me paste...I will try copying...


----------



## mmddevansville (May 30, 2011)

6/2/2011 8:54:56 AM Unknown application Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE Looks like they copy one at time...good thing my husband is late !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


----------



## mmddevansville (May 30, 2011)

6/2/2011 8:54:56 AM Unknown application Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE 
I just can't believe it all of them were highlighted...I'll go down the list and do them one by one


----------



## mmddevansville (May 30, 2011)

Date: Today (25) 
6/2/2011 4:00:57 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE 
6/2/2011 4:00:24 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\85BQRFMG\OTS.EXE 
6/2/2011 4:00:02 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1ESL2QGU\OTS.EXE 
6/2/2011 3:51:29 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE 
6/2/2011 3:47:51 PM Kaspersky Anti-Virus Task started Proactive Defense 
6/2/2011 3:41:59 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE 
6/2/2011 11:03:50 AM Kaspersky Anti-Virus Task started Proactive Defense 
6/2/2011 10:18:02 AM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE 
6/2/2011 10:16:46 AM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE 
6/2/2011 9:56:23 AM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE 
6/2/2011 9:55:59 AM Unknown application Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CMIWV54A\OTS.EXE 
6/2/2011 8:57:07 AM Unknown application Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE 
6/2/2011 8:54:56 AM Unknown application Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE 
6/2/2011 7:16:58 AM Kaspersky Anti-Virus Task started Proactive Defense 
6/2/2011 4:00:57 PM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings 
6/2/2011 4:00:24 PM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\85BQRFMG\OTS.EXE Action selected according to the settings 
6/2/2011 4:00:02 PM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1ESL2QGU\OTS.EXE Action selected according to the settings 
6/2/2011 3:51:29 PM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings 
6/2/2011 3:41:59 PM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings 
6/2/2011 10:18:02 AM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings 
6/2/2011 10:16:46 AM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings 
6/2/2011 9:56:23 AM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings 
6/2/2011 9:55:59 AM Unknown application Allowed: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CMIWV54A\OTS.EXE Action selected according to the settings 
6/2/2011 8:57:07 AM Unknown application Allowed: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE Action selected according to the settings 
6/2/2011 8:54:56 AM Unknown application Allowed: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE Action selected according to the settings 
Think I got em all this time...they sure were hard to get but we are getting somewhere, right??


----------



## Cookiegal (Aug 27, 2003)

None of those are real threats. They are all related to the tools we've used. It's quite common for anti-virus programs to detect them as malicious even though they're not because of the nature of what the programs do.

We need to run ComboFix.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------
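The triage described in the reply above (only the detection rows matter, and here they all point at the diagnostic tools run during the thread) can be done mechanically on a pasted report. This is an added Python example, not part of the original posts: the regular expression assumes the flattened single-space layout of the report posted above, and `known_tools` is a hypothetical allowlist that the helper supplies.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Sample rows in the layout of the Kaspersky report posted in the thread
# (columns were flattened to single spaces by the copy/paste).
SAMPLE_REPORT = r"""
6/2/2011 4:00:57 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE
6/2/2011 4:00:24 PM OTS.EXE Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\85BQRFMG\OTS.EXE
6/2/2011 3:47:51 PM Kaspersky Anti-Virus Task started Proactive Defense
6/2/2011 8:54:56 AM Unknown application Detected: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE
6/2/2011 4:00:57 PM OTS.EXE Allowed: PDM.Invader (loader) C:\USERS\OWNER\DOWNLOADS\OTS.EXE Action selected according to the settings
6/2/2011 8:54:56 AM Unknown application Allowed: PDM.Invader (loader) C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\C33SHA57\SYSINFO.EXE Action selected according to the settings
"""

# timestamp, reporting application, action, verdict name, object path.
# The path may contain spaces, so it is anchored on the drive letter and
# runs to the end of the row, minus the optional trailing action note.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<app>.+?) (?P<action>Detected|Allowed): "
    r"(?P<verdict>.+?) (?P<path>[A-Za-z]:\\.+?)"
    r"(?: Action selected according to the settings)?\s*$"
)


def parse_report(text):
    """Return one dict per Detected/Allowed row; status rows are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # blank line or a status row such as "Task started"
        path = PureWindowsPath(m["path"])
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "app": m["app"],
            "action": m["action"],
            "verdict": m["verdict"],
            "path": str(path),
            "file": path.name.upper(),
            "folder": str(path.parent),
        })
    return events


def summarize(events):
    """Collapse repeated rows into one entry per (verdict, file name)."""
    groups = defaultdict(lambda: {"Detected": 0, "Allowed": 0,
                                  "folders": set(), "first": None, "last": None})
    for ev in events:
        g = groups[(ev["verdict"], ev["file"])]
        g[ev["action"]] += 1
        g["folders"].add(ev["folder"])
        g["first"] = ev["time"] if g["first"] is None else min(g["first"], ev["time"])
        g["last"] = ev["time"] if g["last"] is None else max(g["last"], ev["time"])
    return dict(groups)


def needs_review(summary, known_tools):
    """Entries whose file name is not one of the tools the helper asked for.

    A file name is easy to imitate, so a match only says where to look
    first; it does not prove the file is the genuine tool.
    """
    known = {name.upper() for name in known_tools}
    return sorted(key for key in summary if key[1] not in known)


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for (verdict, name), g in sorted(summary.items()):
        print(f"{name}: {verdict} detected={g['Detected']} allowed={g['Allowed']} "
              f"folders={len(g['folders'])} first={g['first']} last={g['last']}")
    # Hypothetical allowlist: the tools run earlier in this thread.
    print("needs review:", needs_review(summary, {"OTS.EXE", "SYSINFO.EXE"}))
```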



## mmddevansville (May 30, 2011)

I will do it, now I am not worried about the computer except that I think by downloading Exp 9 -64 which I already did have stupid mistake! I may have caused the internet to go down or something...I never had that until then I sure hope I have not opened up another problem, I will be home tomorrow so thank God I still have time before we leave on the trip..Cookiegal you sure have been wonderful!


----------



## mmddevansville (May 30, 2011)

This site will not let me register to do as you asked....I have tried 4 times to do it, something about my e-mail already in use....


----------



## mmddevansville (May 30, 2011)

this thing has to be somewhere else I will google it and see if I can do it that way


----------



## mmddevansville (May 30, 2011)

I downloaded it but it is called reimage...is this ok??


----------



## mmddevansville (May 30, 2011)

it says to install a flash, and I have none since I uninstalled air yesterday...jeepers Can we start back up tomorrow and see if I can get combofix, where you said maybe I am doing something wrong??? it must be


----------



## mmddevansville (May 30, 2011)

I just turned off Kaspersky and did the combofix as instructed but cannot find the file that showed up on my laptop screen....I hurried as fast as I could while antiv was off and got back here to report what is going on, I will send it and hunted through all the log files but can make no sense of them, or what to send I looked on notepad too....I have been working for over an hour and will be back asap to see what I need to do next...Good Morning.....diane


----------



## mmddevansville (May 30, 2011)

I did combofix and it still shows no help in getting it on the notepad....


----------



## Cookiegal (Aug 27, 2003)

The log should be at: C:\ComboFix.txt.


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> This site will not let me register to do as you asked....I have tried 4 times to do it, something about my e-mail already in use....


Why are you trying to register again when you already have an account? If you log out then you just have to log back in again to be able to post.


----------



## mmddevansville (May 30, 2011)

Good Morning!! I am back on line finally and wondering if I need to do anything else..Hope you had a nice weekend! diane


----------



## Cookiegal (Aug 27, 2003)

Good morning. Please post the ComboFix log.


----------



## mmddevansville (May 30, 2011)

Good Morning! Combofix is located in my documents here but I am finding nothing. I will try and run it again and send this to you...thanks cookie!! Michael has had his back to flare up again so I haven't been able to do much...see you! Diane


----------



## mmddevansville (May 30, 2011)

I get a message from windows says that I should say yes or no for this to open and make changes then it disappears...


----------



## Cookiegal (Aug 27, 2003)

It shouldn't be in "My Documents", it was to be downloaded to the Desktop. 

Do you see a ComboFix.txt file in My Documents?

Right-click on it and select "Open with" and "Notepad" and then copy and paste the contents.


----------



## mmddevansville (May 30, 2011)

no just combofix and it won't open...guess i could download again???


----------



## Cookiegal (Aug 27, 2003)

Yes, this time to the desktop please.


----------



## mmddevansville (May 30, 2011)

That login was simple!! I am here now...thanks


----------



## mmddevansville (May 30, 2011)

Good Afternoon....I am having a bit of a problem with "diagnose connection" internet.....anyone there??


----------



## Cookiegal (Aug 27, 2003)

I'm still waiting for you to complete my last instructions which were to run ComboFix. Remove the one you have by dragging it to the recycle bin and grab the latest version:

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

This time, be sure to save it to your desktop.


----------



## mmddevansville (May 30, 2011)

Oh good I am glad you are there...I tried to do this at night, its just redirecting me to bleeping computer and I did run it again, however it will not do the save to notepad thing for me...I am sure I am just doing it wrong. I just ran the hp diagnostics on the laptop and its working, I can listen to music from a web-site and am going to stop worrying about not having flash player since it will cost me an arm and a leg, and looks like I may not need it anyway...I will go to Combofix and get to work...thanks bunches...diane


----------



## mmddevansville (May 30, 2011)

I ran it still have the icon on the desktop, but could find no place to attach or do anything...now I have to go back since I was off the internet for about 10 minutes during the time after it ran...all my desktop icons disappeared it was a true experience in being horrified...Kaspersky sent lots of signals and I am sure to get pages of them for you...What should I do now that its up and running? Run combo again?? thanks..thought i had been attacked by an army or something!


----------



## mmddevansville (May 30, 2011)

Wait cookie...it says its preparing to run a log and it just ran one right before the computer lost cyber connection...what do I do now!


----------



## mmddevansville (May 30, 2011)

Here is

ComboFix 11-06-13.06 - Owner 06/14/2011 12:26:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1194 [GMT -5:00]
Running from: c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZQ8V3NI\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\SDIAG_f990de5d-2f03-4362-ae1d-3e29c87fdcb9\DiagPackage.dll
c:\users\Owner\AppData\Local\Temp\SDIAG_f990de5d-2f03-4362-ae1d-3e29c87fdcb9\en-US\DiagPackage.dll.mui
c:\windows\SysWow64\drivers\dfg.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 17:43 . 2011-06-14 17:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-14 17:43 . 2011-06-14 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 16:08 . 2011-06-14 16:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Uniblue
2011-06-14 16:08 . 2011-06-14 16:08 -------- dc-h--w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-14 16:08 . 2011-06-14 16:08 -------- d-----w- c:\program files (x86)\Uniblue
2011-06-14 15:39 . 2011-06-14 15:39 -------- d-----w- c:\windows\system32\Macromed
2011-06-14 15:03 . 2011-06-14 15:03 -------- d-----w- C:\HP_TOOLS_mountHPSF
2011-06-14 12:01 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9BBCCAD-2186-440B-8482-9F9C71610114}\mpengine.dll
2011-06-13 18:22 . 2011-06-14 16:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-13 17:58 . 2011-06-13 17:58 -------- d-----w- c:\program files (x86)\Superfish
2011-06-13 17:58 . 2011-06-13 17:58 -------- d-----w- c:\program files (x86)\Driver-Soft
2011-06-13 17:58 . 2011-06-13 17:58 -------- d-----w- c:\program files (x86)\StartNow Toolbar
2011-06-11 17:21 . 2011-06-11 17:22 -------- d-----w- c:\program files (x86)\RegZooka
2011-06-10 23:28 . 2011-06-10 23:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Kaspersky Lab
2011-06-10 23:00 . 2011-06-10 23:00 -------- d-----w- c:\users\Owner\AppData\Roaming\ConsumerSoft
2011-06-10 23:00 . 2011-06-10 23:00 -------- d-----w- c:\program files (x86)\ConsumerSoft
2011-06-10 22:03 . 2011-06-10 22:07 -------- d-----w- c:\program files (x86)\iTunes
2011-06-10 22:03 . 2011-06-10 22:03 -------- d-----w- c:\program files\iPod
2011-06-10 22:03 . 2011-06-10 22:07 -------- d-----w- c:\program files\iTunes
2011-06-02 20:42 . 2011-06-02 20:42 -------- d-----w- C:\_OTS
2011-06-01 17:13 . 2011-06-01 17:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-06-01 17:13 . 2011-06-01 17:13 -------- d-----w- c:\programdata\Malwarebytes
2011-06-01 17:13 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-01 17:13 . 2011-06-01 18:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-01 17:13 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 02:48 . 2011-05-30 02:48 -------- d-----w- c:\users\Owner\AppData\Roaming\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2011-05-30 02:48 . 2011-05-30 02:48 -------- d-----w- c:\program files (x86)\Multiply
2011-05-27 01:05 . 2011-05-27 01:05 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-05-27 00:51 . 2011-05-27 00:51 -------- d-----w- c:\users\Owner\AppData\Local\WindowsUpdate
2011-05-27 00:49 . 2011-05-27 00:49 -------- d-----w- c:\users\Owner\AppData\Local\Secunia CSI
2011-05-27 00:48 . 2011-05-27 00:48 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
2011-05-27 00:41 . 2011-05-27 00:42 -------- d-----w- c:\program files (x86)\Secunia
2011-05-26 23:06 . 2011-05-26 23:06 -------- d-----w- c:\users\Owner\AppData\Local\Windows Live Writer
2011-05-26 23:06 . 2011-05-26 23:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Windows Live Writer
2011-05-25 16:54 . 2011-06-11 15:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 16:47 . 2011-05-25 16:47 -------- d-----w- c:\program files\Google
2011-05-25 16:47 . 2011-05-25 16:47 -------- d-----w- c:\program files (x86)\Google
2011-05-25 12:19 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 22:49 . 2011-05-23 22:50 -------- d-----w- c:\program files (x86)\Safari
2011-05-23 19:20 . 2011-06-10 22:22 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2011-05-23 19:20 . 2011-05-25 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2011-05-23 19:19 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-23 19:19 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-23 19:19 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-23 19:18 . 2011-05-23 19:19 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-23 19:15 . 2011-05-23 19:15 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-23 19:15 . 2011-06-10 22:03 -------- d-----w- c:\programdata\Apple Computer
2011-05-23 19:15 . 2011-05-23 19:15 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-23 19:14 . 2011-05-23 19:14 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2011-05-23 19:14 . 2011-05-23 19:14 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-23 19:14 . 2011-05-23 19:14 -------- d-----w- c:\program files\Common Files\Apple
2011-05-23 19:13 . 2011-05-23 19:13 -------- d-----w- c:\program files\Bonjour
2011-05-23 19:13 . 2011-05-23 19:13 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-23 19:13 . 2011-06-10 22:03 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-23 19:13 . 2011-05-23 19:13 -------- d-----w- c:\programdata\Apple
2011-05-23 15:16 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-23 15:16 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-18 12:51 . 2011-05-18 12:51 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 20:07 . 2010-07-14 16:52 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-09 16:24 . 2011-03-12 14:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-09 16:23 . 2011-04-12 22:01 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-09 16:23 . 2011-04-12 22:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-25 14:51 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-05-25 14:51 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 00:14 . 2011-03-09 12:43 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-11 17:23 . 2011-04-09 16:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-24 01:22 . 2011-04-24 01:22 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-20 19:08 . 2011-03-12 14:29 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-20 19:07 . 2011-03-12 14:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-20 19:07 . 2011-04-20 19:07 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-09 07:02 . 2011-05-12 00:06 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-12 00:06 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-12 00:06 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:26 . 2011-04-06 21:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-25 03:29 . 2011-05-12 00:06 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-12 00:06 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-11 16:16 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-12 00:06 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-12 00:06 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:28 . 2011-05-12 00:06 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-21 18:22 . 2011-03-21 18:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-21 18:22 . 2011-03-21 18:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-21 18:22 . 2010-11-20 08:45 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-03-20 21:13 . 2010-11-20 08:46 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-03-20 20:57 . 2011-03-20 20:58 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-03-20 20:57 . 2011-03-20 20:58 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-03-20 20:57 . 2011-03-20 20:58 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-03-20 20:57 . 2011-03-20 20:58 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-03-20 20:57 . 2011-03-20 20:58 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-03-20 20:57 . 2011-03-20 20:58 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2011-03-20 20:57 . 2011-03-20 20:58 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2011-03-20 20:57 . 2011-03-20 20:58 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2011-03-20 20:57 . 2011-03-20 20:58 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2011-03-20 20:57 . 2011-03-20 20:58 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2011-03-20 20:57 . 2010-11-20 08:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-06-02 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Multiply AutoUploader.lnk - c:\program files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe [2011-5-29 142336]
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2010-11-09 20:20 586296 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-06-17 16:48 98304 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 cpuz134;cpuz134;c:\users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 Toolbar Updater Service;Toolbar Updater Service;c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-03-24 199904]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 16:47]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 16:47]
.
2011-06-14 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-14 09:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-20 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TaskTray - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-06-14 13:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 18:13
.
Pre-Run: 251,729,252,352 bytes free
Post-Run: 252,082,520,064 bytes free
.
- - End Of File - - 107E80B6C23EB7B65EE3E7F81262D398
what is on the notepad Cookie....Thanks this was kind of scary!


----------



## mmddevansville (May 30, 2011)

Should I be too worried about not being able to get to Google, I deleted all the start button shortcuts and may get rid of the desktop ones soon if it does that again....


----------



## mmddevansville (May 30, 2011)

I am back on line now and hoping it won't go off again....I am watching to see when you post while I get some ironing done....I am close by...


----------



## mmddevansville (May 30, 2011)

Guess we're havin dinner now...see you tomorrow!! diane


----------



## Cookiegal (Aug 27, 2003)

You were supposed to save ComboFix to the desktop. You're running it from the Temporary Internet files.

Anyway, let's leave it and do this:

Please go to the following link and run TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.


----------



## mmddevansville (May 30, 2011)

I am running it now...will send tomorrow morning


----------



## mmddevansville (May 30, 2011)

good morning !!!
Nothing found on the scan and I have nothing but the app saved...what do you need .......there were no infections found...thanks, diane


----------



## mmddevansville (May 30, 2011)

This is Kaspersky I ran last night and thought you should look at it...who knows maybe Kaspersky didn't find what you were thinking might be here.....I also have 82% from a 95 a few days ago on the Secunia scan...Hope you are having a good day! Diane


2011/06/14 21:23:59.0901 6088 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/14 21:24:01.0352 6088 ================================================================================
2011/06/14 21:24:01.0352 6088 SystemInfo:
2011/06/14 21:24:01.0352 6088 
2011/06/14 21:24:01.0352 6088 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/14 21:24:01.0352 6088 Product type: Workstation
2011/06/14 21:24:01.0352 6088 ComputerName: OWNER-HP
2011/06/14 21:24:01.0352 6088 UserName: Owner
2011/06/14 21:24:01.0352 6088 Windows directory: C:\Windows
2011/06/14 21:24:01.0352 6088 System windows directory: C:\Windows
2011/06/14 21:24:01.0352 6088 Running under WOW64
2011/06/14 21:24:01.0352 6088 Processor architecture: Intel x64
2011/06/14 21:24:01.0352 6088 Number of processors: 2
2011/06/14 21:24:01.0352 6088 Page size: 0x1000
2011/06/14 21:24:01.0352 6088 Boot type: Normal boot
2011/06/14 21:24:01.0352 6088 ================================================================================
2011/06/14 21:24:02.0834 6088 Initialize success
2011/06/14 21:24:11.0227 1492 ================================================================================
2011/06/14 21:24:11.0227 1492 Scan started
2011/06/14 21:24:11.0227 1492 Mode: Manual; 
2011/06/14 21:24:11.0227 1492 ================================================================================
2011/06/14 21:24:39.0634 1492 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/14 21:24:39.0744 1492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/14 21:24:39.0806 1492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/06/14 21:24:40.0009 1492 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/14 21:24:40.0180 1492 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/06/14 21:24:40.0430 1492 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/14 21:24:40.0539 1492 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/14 21:24:40.0602 1492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/14 21:24:40.0633 1492 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/14 21:24:40.0726 1492 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/14 21:24:40.0804 1492 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/06/14 21:24:41.0038 1492 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/14 21:24:41.0241 1492 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/14 21:24:41.0428 1492 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/14 21:24:41.0506 1492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/14 21:24:41.0569 1492 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/14 21:24:41.0631 1492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/14 21:24:41.0772 1492 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/14 21:24:41.0881 1492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/14 21:24:42.0052 1492 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/06/14 21:24:42.0115 1492 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/14 21:24:42.0177 1492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/14 21:24:42.0208 1492 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/14 21:24:42.0255 1492 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/06/14 21:24:42.0458 1492 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/14 21:24:42.0536 1492 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/14 21:24:42.0583 1492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/14 21:24:42.0630 1492 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/14 21:24:42.0723 1492 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/14 21:24:42.0786 1492 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/14 21:24:42.0864 1492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/14 21:24:43.0066 1492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/14 21:24:43.0176 1492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/14 21:24:43.0363 1492 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/06/14 21:24:43.0550 1492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/14 21:24:43.0737 1492 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/06/14 21:24:43.0878 1492 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/06/14 21:24:44.0080 1492 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/06/14 21:24:44.0314 1492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/14 21:24:44.0486 1492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/14 21:24:44.0720 1492 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/14 21:24:44.0923 1492 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/14 21:24:45.0141 1492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/14 21:24:45.0360 1492 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 21:24:45.0391 1492 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 21:24:45.0609 1492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/14 21:24:45.0796 1492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/14 21:24:46.0062 1492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/14 21:24:46.0155 1492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/14 21:24:46.0436 1492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/14 21:24:46.0686 1492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/14 21:24:46.0920 1492 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/06/14 21:24:47.0154 1492 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/14 21:24:47.0481 1492 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/06/14 21:24:47.0559 1492 MBR (0x1B8) (b09fc9269d6acf393cf1d800183bb948) \Device\Harddisk0\DR0
2011/06/14 21:24:47.0575 1492 ================================================================================
2011/06/14 21:24:47.0575 1492 Scan finished
2011/06/14 21:24:47.0575 1492 ================================================================================
2011/06/14 21:24:47.0590 5056 Detected object count: 0
2011/06/14 21:24:47.0590 5056 Actual detected object count: 0
2011/06/14 21:24:57.0216 2332 Deinitialize success


----------



## mmddevansville (May 30, 2011)

I just now did Malwarebytes and there was only 1 thing, a rogue...I am wondering what to do?? Take care, diane


----------



## mmddevansville (May 30, 2011)

This is it cookie...I hope this may help and I just did the Secunia, all that's left is Adobe Shockwave which I have been searching for everywhere and just cannot find a free one that will download from the Adobe page....looks like I may be buying a new one when I get the printer....oh well...thanks .......diane
The music is playing with no freezes while I stay busy....that is a big improvement from a couple weeks ago....

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6861
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
6/15/2011 1:36:40 PM
mbam-log-2011-06-15 (13-36-40).txt
Scan type: Quick scan
Objects scanned: 177499
Time elapsed: 5 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Owner\Desktop\free software downloads and software reviews - cnet download.com.url (Rogue.Link) -> Quarantined and deleted successfully.


----------



## Cookiegal (Aug 27, 2003)

Sorry, I hadn't seen the last post as it was on the next page. I'll post back soon.


----------



## mmddevansville (May 30, 2011)

mmddevansville said:


> This is it cookie...I hope this may help and I just did the Secunia, all that's left is Adobe Shockwave which I have been searching for everywhere and just cannot find a free one that will download from the Adobe page....looks like I may be buying a new one when I get the printer....oh well...thanks .......diane
> The music is playing with no freezes while I stay busy....that is a big improvement from a couple weeks ago....
> 
> Malwarebytes' Anti-Malware 1.51.0.1200
> ...


----------



## Cookiegal (Aug 27, 2003)

What does Secunia say about Adobe Shockwave?


----------



## mmddevansville (May 30, 2011)

Ok I am working as hard as I can when you are offline to get all I can so we can get it done. See you, diane


----------



## mmddevansville (May 30, 2011)

To install update solution, when I do that it directs me to the Adobe page with download, but it is blank after I hit it...I am thinking it wants me to purchase it but this is a patch I am not sure but know that even after trying twice it did the same thing so I moved on to get other things checked. There is nothing but instructions on the Adobe download page and a tiny blue circle.


----------



## Cookiegal (Aug 27, 2003)

Please post a screenshot of the Secunia report.


----------



## mmddevansville (May 30, 2011)

Cookie I think there could still be something attacking my laptop...The e-mail does not load in right...a different sort of view???? Anyway I am turning on Kaspersky while we wait for the results. I will be here until 5 and am hoping that was nothing I just saw on my insight...e-mail..gotta get to this..diane


----------



## mmddevansville (May 30, 2011)

Going to Secunia and just finished posting asking for instructions on cut paste anything to get you the results...I will go back and see if anyone has written me back...


----------



## mmddevansville (May 30, 2011)

Nothing yet. I can highlight the Secunia page but it's inside a scroll box and won't let me pick it up and try to paste it..jeepers


----------



## Cookiegal (Aug 27, 2003)

Can you just type it?


----------



## mmddevansville (May 30, 2011)

I am right on it...It's quite lengthy but I will hit the high points..


----------



## mmddevansville (May 30, 2011)

Here it is and I was not needing to do the long page, as it is a history of what's been done by Secunia... I sure hope not anyway

Adobe Shockwv Playr...10.x End of Life 10.4.1.29 High threat..one bar left on rating before it goes off charts.. tried fixing it over and over

Microsoft XML Core Svcs. (MSXML) 4.x

Sun Java 1.6.x/6.x windows update scheduled


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## mmddevansville (May 30, 2011)

Here it is cookie.....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:11:31 PM, on 6/15/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12174 bytes


----------



## Cookiegal (Aug 27, 2003)

It was the uninstall list from HijackThis that I wanted please.


----------



## mmddevansville (May 30, 2011)

I am trying this morning to get the Kaspersky back on..seems like I have one after another...it has to do with the password prompt I have been getting...be back to the site shortly...diane


----------



## mmddevansville (May 30, 2011)

Here is Hijack list....Thanks cookie!!

MSI (c) (FC:EC) [07:50:43:646]: Resetting cached policy values
MSI (c) (FC:EC) [07:50:43:646]: Machine policy value 'Debug' is 0
MSI (c) (FC:EC) [07:50:43:646]: ******* RunEngine:
******* Product: {75193929-9A52-4CA4-98DE-8C7296940920}
******* Action: 
******* CommandLine: **********
MSI (c) (FC:EC) [07:50:43:646]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (FC:EC) [07:50:43:646]: Grabbed execution mutex.
MSI (c) (FC:EC) [07:50:43:661]: Cloaking enabled.
MSI (c) (FC:EC) [07:50:43:661]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (FC:EC) [07:50:43:661]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B0:48) [07:50:43:661]: Running installation inside multi-package transaction {75193929-9A52-4CA4-98DE-8C7296940920}
MSI (s) (B0:48) [07:50:43:661]: Grabbed execution mutex.
MSI (s) (B0:FC) [07:50:43:661]: Resetting cached policy values
MSI (s) (B0:FC) [07:50:43:661]: Machine policy value 'Debug' is 0
MSI (s) (B0:FC) [07:50:43:661]: ******* RunEngine:
******* Product: {75193929-9A52-4CA4-98DE-8C7296940920}
******* Action: 
******* CommandLine: **********
MSI (s) (B0:FC) [07:50:43:661]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (B0:FC) [07:50:43:677]: MainEngineThread is returning 1605
MSI (s) (B0:48) [07:50:43:677]: User policy value 'DisableRollback' is 0
MSI (s) (B0:48) [07:50:43:677]: Machine policy value 'DisableRollback' is 0
MSI (s) (B0:48) [07:50:43:677]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B0:48) [07:50:43:677]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (B0:48) [07:50:43:677]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (B0:48) [07:50:43:677]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2 
MSI (s) (B0:48) [07:50:43:677]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2 
MSI (s) (B0:48) [07:50:43:677]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (B0:48) [07:50:43:677]: Restoring environment variables
MSI (c) (FC:EC) [07:50:43:677]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (FC:EC) [07:50:43:677]: MainEngineThread is returning 1605
=== Verbose logging stopped: 6/17/2011 7:50:43 ===
=== Verbose logging started: 6/17/2011 7:51:11 Build type: SHIP UNICODE 5.00.7601.00 Calling process: C:\Windows\SysWOW64\msiexec.exe ===
MSI (c) (54:68) [07:51:11:538]: Resetting cached policy values
MSI (c) (54:68) [07:51:11:538]: Machine policy value 'Debug' is 0
MSI (c) (54:68) [07:51:11:538]: ******* RunEngine:
******* Product: {6C8342CD-1489-4BF7-BB05-6CE70F2619DF}
******* Action: 
******* CommandLine: **********
MSI (c) (54:68) [07:51:11:538]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (54:68) [07:51:11:538]: Grabbed execution mutex.
MSI (c) (54:68) [07:51:11:554]: Cloaking enabled.
MSI (c) (54:68) [07:51:11:554]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (54:68) [07:51:11:570]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B0:04) [07:51:11:570]: Running installation inside multi-package transaction {6C8342CD-1489-4BF7-BB05-6CE70F2619DF}
MSI (s) (B0:04) [07:51:11:570]: Grabbed execution mutex.
MSI (s) (B0:70) [07:51:11:570]: Resetting cached policy values
MSI (s) (B0:70) [07:51:11:570]: Machine policy value 'Debug' is 0
MSI (s) (B0:70) [07:51:11:570]: ******* RunEngine:
******* Product: {6C8342CD-1489-4BF7-BB05-6CE70F2619DF}
******* Action: 
******* CommandLine: **********
MSI (s) (B0:70) [07:51:11:570]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (B0:70) [07:51:11:570]: MainEngineThread is returning 1605
MSI (s) (B0:04) [07:51:11:570]: User policy value 'DisableRollback' is 0
MSI (s) (B0:04) [07:51:11:570]: Machine policy value 'DisableRollback' is 0
MSI (s) (B0:04) [07:51:11:570]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B0:04) [07:51:11:570]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (B0:04) [07:51:11:570]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (B0:04) [07:51:11:570]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2 
MSI (s) (B0:04) [07:51:11:570]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2 
MSI (s) (B0:04) [07:51:11:570]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (B0:04) [07:51:11:570]: Restoring environment variables
MSI (c) (54:68) [07:51:11:570]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (54:68) [07:51:11:570]: MainEngineThread is returning 1605
=== Verbose logging stopped: 6/17/2011 7:51:11 ===
=== Verbose logging started: 6/17/2011 7:51:15 Build type: SHIP UNICODE 5.00.7601.00 Calling process: C:\Windows\SysWOW64\msiexec.exe ===
MSI (c) (7C:78) [07:51:15:267]: Resetting cached policy values
MSI (c) (7C:78) [07:51:15:267]: Machine policy value 'Debug' is 0
MSI (c) (7C:78) [07:51:15:267]: ******* RunEngine:
******* Product: {79B986AD-54D8-4498-AA06-89808829ACC0}
******* Action: 
******* CommandLine: **********
MSI (c) (7C:78) [07:51:15:267]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (7C:78) [07:51:15:267]: Grabbed execution mutex.
MSI (c) (7C:78) [07:51:15:282]: Cloaking enabled.
MSI (c) (7C:78) [07:51:15:282]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (7C:78) [07:51:15:282]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B0:04) [07:51:15:282]: Running installation inside multi-package transaction {79B986AD-54D8-4498-AA06-89808829ACC0}
MSI (s) (B0:04) [07:51:15:282]: Grabbed execution mutex.
MSI (s) (B0:10) [07:51:15:282]: Resetting cached policy values
MSI (s) (B0:10) [07:51:15:282]: Machine policy value 'Debug' is 0
MSI (s) (B0:10) [07:51:15:282]: ******* RunEngine:
******* Product: {79B986AD-54D8-4498-AA06-89808829ACC0}
******* Action: 
******* CommandLine: **********
MSI (s) (B0:10) [07:51:15:282]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (B0:10) [07:51:15:282]: MainEngineThread is returning 1605
MSI (s) (B0:04) [07:51:15:282]: User policy value 'DisableRollback' is 0
MSI (s) (B0:04) [07:51:15:282]: Machine policy value 'DisableRollback' is 0
MSI (s) (B0:04) [07:51:15:282]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B0:04) [07:51:15:282]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (B0:04) [07:51:15:282]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (B0:04) [07:51:15:282]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2 
MSI (s) (B0:04) [07:51:15:282]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2 
MSI (s) (B0:04) [07:51:15:282]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (B0:04) [07:51:15:282]: Restoring environment variables
MSI (c) (7C:78) [07:51:15:298]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (7C:78) [07:51:15:298]: MainEngineThread is returning 1605
=== Verbose logging stopped: 6/17/2011 7:51:15 ===


----------



## Cookiegal (Aug 27, 2003)

Again, that's not the correct log. Please follow these instructions carefully:

Open HijackThis and click on Config and then on Misc Tools then Open Uninstall Manager. Finally, click on Save List and save it in Notepad. Please copy and paste the log here.


----------



## mmddevansville (May 30, 2011)

Here it is and I got Kaspersky re-installed finally!!!



----------



## Cookiegal (Aug 27, 2003)

Are you reading the instructions that I post?


----------



## mmddevansville (May 30, 2011)

I must have sent the wrong thing...will be back online tomorrow...Sorry...diane


----------



## mmddevansville (May 30, 2011)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12611 bytes

This is the hijack log I sure hope this helps...diane


----------



## mmddevansville (May 30, 2011)

Is this one it? I hope so, if not I have two Kasperskys I was emailed to send you too, if you need them...diane


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I think if you're still having problems the best thing would be to back up your important stuff like documents, photos, music, etc. and reformat the machine.


----------



## mmddevansville (May 30, 2011)

Do you think it's probably a serious threat or something? It has taken a while to do this but ever since the internet guy came yesterday to put battery back in it's seemed fine...I have been on Secunia and finally got the flash player issue fixed, even though I do believe it had no reason, but they have knowledge from scans as you do to figure it out....I will do as you said.. I have no way to get cds to back this up since he is out of town working...just knew I should have re-done that old back-up but ran out of discs... I am taking it to the office and hooking it up so I will have the best connection...that's here in our home....I am going to be sure to find some discs somehow


----------



## Cookiegal (Aug 27, 2003)

The main question is are you having any problems with the system right now?


----------



## mmddevansville (May 30, 2011)

Cookie, I think my suspicions were correct on the Air thing....I am going to quarantine this.....just done less than 5 min. ago....will write tomorrow....diane




Vulnerability Scan: completed 2 minutes ago (events: 66, objects: 65085, time: 00:20:55)	
Result: Detected (29)	
Result: Packed (35)	
6/22/2011 6:48:06 PM	C:\Program Files (x86)\Adobe\Acrobat.com\bin-debug\AppContainer_en_US_prod.swf 
6/22/2011 6:49:32 PM	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf 
6/22/2011 6:49:33 PM	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\stylesNative.swf 
6/22/2011 6:49:34 PM	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\setup.swf 
6/22/2011 6:57:06 PM	C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ISSetup.dll 
6/22/2011 6:57:06 PM	C:\Program Files (x86)\InstallShield Installation Information\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\ISSetup.dll 
6/22/2011 6:57:06 PM	C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ISSetup.dll 
6/22/2011 6:57:08 PM	C:\Program Files (x86)\InstallShield Installation Information\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\ISSetup.dll 
6/22/2011 6:57:08 PM	C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ISSetup.dll 
6/22/2011 6:57:09 PM	C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ISSetup.dll 
6/22/2011 6:57:09 PM	C:\Program Files (x86)\InstallShield Installation Information\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\ISSetup.dll 
6/22/2011 6:57:13 PM	C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\ISSetup.dll 
6/22/2011 6:57:13 PM	C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\ISSetup.dll/PE_Patch.PECompact 
6/22/2011 6:57:13 PM	C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\ISSetup.dll/PE_Patch.PECompact/PecBundle 
6/22/2011 6:57:13 PM	C:\Program Files (x86)\InstallShield Installation Information\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\ISSetup.dll 
6/22/2011 6:57:13 PM	C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ISSetup.dll 
6/22/2011 6:57:14 PM	C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\ISSetup.dll 
6/22/2011 6:57:14 PM	C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\ISSetup.dll/PE_Patch.PECompact 
6/22/2011 6:57:14 PM	C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\ISSetup.dll/PE_Patch.PECompact/PecBundle 
6/22/2011 6:57:14 PM	C:\Program Files (x86)\InstallShield Installation Information\{889C6F39-241F-4119-8026-1B2F4A124839}\ISSetup.dll 
6/22/2011 6:57:20 PM	C:\Program Files (x86)\InstallShield Installation Information\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\ISSetup.dll 
6/22/2011 6:57:20 PM	C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\ISSetup.dll 
6/22/2011 6:57:20 PM	C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ISSetup.dll 
6/22/2011 6:57:27 PM	C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ISSetup.dll 
6/22/2011 6:57:27 PM	C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\ISSetup.dll 
6/22/2011 7:01:07 PM	C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\AutoUploader.swf 
6/22/2011 7:01:07 PM	C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\god.swf 
6/22/2011 7:01:48 PM	C:\Program Files (x86)\RegZooka\RegZookaCleanup.exe 
6/22/2011 7:01:48 PM	C:\Program Files (x86)\RegZooka\Update.exe 
6/22/2011 7:01:48 PM	C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe 
6/22/2011 7:01:49 PM	C:\Program Files (x86)\RegZooka\RegZooka.exe 
6/22/2011 7:08:05 PM	C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe 
6/22/2011 7:08:05 PM	C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe/PE_Patch.PECompact 
6/22/2011 7:08:06 PM	C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe/PE_Patch.PECompact/PecBundle 
6/22/2011 7:08:08 PM	C:\Windows\SysWOW64\drivers\dfg.sys 
Result: Task started (1)	
Result: Task completed (1)	
Startup Objects Scan: running (events: 1, objects: 0, time: 00:00:07)	
Result: Task started (1)


----------



## mmddevansville (May 30, 2011)

Good Morning!! Cookie....does Windows Defender have to run, when it wants to?? I have not had any issue with it, I am doing back up on new discs I bought yesterday, and it skipped files....should I use my Maxtor that I used on the old Dell Inspiron I had....I thought that wasn't a good idea....I think the disc is about to pop out...will be back...I am doing what you said, you know lots more than me and I am going to do what I am supposed to with these discs and am labeling them....trying to keep from worrying about it, just need to do this correctly so I won't have to keep starting over with it!!!


----------



## mmddevansville (May 30, 2011)

Just in case you might need this, it was the results....skipped files. Thank you, Diane. The computer seems to be fine but I do know this back-up was needed and you suggested it and well I am going to Secunia to see if I can do something about the last program that it needs me to install/re-install that is... I am going to get all I can done today since I have not a lot to do here at home, and it's important to finish it...thanks

Backup encountered a problem while backing up file C:\Users\Owner\Desktop\Microsoft Office. ErrorThe system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\Owner\Desktop\Microsoft Office. ErrorThe system cannot find the file specified. (0x80070002))


----------



## Cookiegal (Aug 27, 2003)

There is nothing wrong with that scan from Kaspersky. It's not detecting malware. 

I don't really know what you mean about Adobe Air. There's no need to quarantine it.

I've been trying to get you to post the uninstall list using HijackThis but you've failed to do so and I can't do any more unless you do that. I'll post the instructions again.

Open HijackThis, run the regular scan, then click on the button that says "config" in the lower right-hand side. Then at the top of the next screen click on Misc Tools and then click on "Open Uninstall Manager" then click on "Save List". Save it in Notepad and then copy and paste the contents here please.


----------



## mmddevansville (May 30, 2011)

I meant that on Secunia I am advised to do something, like patch it, reinstall..... Thanks, I just get worried and mess up, but I cannot find a file log when I do this....I promise to get it done if I can find it, I will go really slow and stop worrying that something is wrong, that probably isn't ok? I didn't mean to mess it up...thank you and I will be back when I have the file....for you to look at. diane


----------



## Cookiegal (Aug 27, 2003)

It's probably an outdated version. Take your time and read the instructions carefully and you'll get the correct log. It will be a long list of programs that are installed on your computer.


----------



## mmddevansville (May 30, 2011)

I did as you said and I just know it's right this time, but don't take my computer dummy word for it!!!!!!!!

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
CinemaNow Media Manager
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink MediaShow
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink YouCam
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Energy Star Digital Logo
ESU for Microsoft Windows 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
InstallIQ Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
LabelPrint
LabelPrint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
Multiply AutoUploader
Multiply AutoUploader
NetAssistant
PhotoNow!
PhotoNow!
Power2Go
Power2Go
PowerDirector
PowerDirector
QuickTime
Radio365 2.1
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RegZooka
Roxio CinemaNow 2.0
Safari
Secunia CSI (4.1.0.2007)
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
StartNow Toolbar 2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Outlook Social Connector (KB2441641)
Window Shopper
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Install Manager
Yahoo! Widgets


----------



## mmddevansville (May 30, 2011)

I am sorry its taken weeks to do this...I had no idea these things take a long time....You have been great and very very patient....diane


----------



## mmddevansville (May 30, 2011)

Cookie this is really odd...I have been doing a back-up and I am thinking of doing it on the old Maxtor, just a couple years old, I know it has space surely...the cd thing is weird and I used 5 of them...whenever you can get to it I will do this the way you say to...


----------



## Cookiegal (Aug 27, 2003)

What are you trying to back up on the Maxtor drive? Is it just documents, music, photos?

Please click on this link and report back the version of Adobe Flash it says you have:

http://www.adobe.com/software/flash/about/


----------



## mmddevansville (May 30, 2011)

Just the Windows back up that I should have done....a few months


----------



## mmddevansville (May 30, 2011)

Adobe 10.3.181.26


----------



## Cookiegal (Aug 27, 2003)

Uninstall the following via the Control Panel - Add or Remove programs:

Adobe AIR
Adobe Reader 9.4.5 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6

If you use the Google Toolbar you can keep it but I recommend uninstalling it (both of the following):

Google Toolbar for Internet Explorer
Google Update Helper

You have both of these:

Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011

I don't know if they're both current or not but you should only be running one or the other so you'll have to uninstall one of those Kaspersky programs.

Go to the following link and install the latest version of Adobe Reader:

http://get.adobe.com/reader/

Be sure to uncheck (opt out) of any additional program or toolbar that may come with it.

Once you've done all of the above, please post a new HijackThis uninstall list as well as the regular HijackThis scan log.


----------



## mmddevansville (May 30, 2011)

I have run into a glitch....all my programs are in reverse abc order, Acrobat Reader has not gone on yet but I am still trying...will work on hijack in the meantime...diane


----------



## mmddevansville (May 30, 2011)

Here we are now I am going to check and see if Reader got on here....

ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
CinemaNow Media Manager
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink MediaShow
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink YouCam
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Energy Star Digital Logo
ESU for Microsoft Windows 7
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
InstallIQ Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
LabelPrint
LabelPrint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
Multiply AutoUploader
Multiply AutoUploader
NetAssistant
PhotoNow!
PhotoNow!
Power2Go
Power2Go
PowerDirector
PowerDirector
QuickTime
Radio365 2.1
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RegZooka
Roxio CinemaNow 2.0
Safari
Secunia CSI (4.1.0.2007)
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
StartNow Toolbar 2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Outlook Social Connector (KB2441641)
Window Shopper
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Install Manager
Yahoo! Widgets


----------



## mmddevansville (May 30, 2011)

Reader is installing right now...I just checked and it started up as quick as I clicked on the program??? Sure it's ok!!! thank goodness....going to the kitchen will be back in a snap...diane


----------



## mmddevansville (May 30, 2011)

The download screen is on the far left of my screen, just about an inch is showing and I can't believe this...I will try to click on there and hope it goes through.....It won't move when I try with the mouse...probably nothing


----------



## mmddevansville (May 30, 2011)

Just checked Adobe Reader is on my program list!!! voila!!! thanks cookie. I guess I am ready for anything now!!!!!


----------



## mmddevansville (May 30, 2011)

When I open Internet Explorer 9 here what should I see?? I really don't know what to think when google is opening fine, but internet won't show the page....it's an unexplainable thing for some other day....jeepers...I am full of weird things...I do know how to use this thing...maybe that's why I recognize it, well not a teacher or anything....will go for now and may be back in a couple hours or so since I must get dinner going, Cookie.....I do not see how you do all this!!!!!!!!!!! I am fine, just need a break for a couple hours...have a great evening!!


----------



## Cookiegal (Aug 27, 2003)

OK, let me see the new uninstall list after installing Adobe Reader please.


----------



## mmddevansville (May 30, 2011)

I can't, Windows won't let me open it. I will keep looking for a few minutes


----------



## mmddevansville (May 30, 2011)

I will have to send it by e-mail...can you send the address....thanks or else I will find it....on tech guy..


----------



## mmddevansville (May 30, 2011)

I made it into a Microsoft Word doc and pasted it...hope it's readable for you....have a good night....diane


ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
CinemaNow Media Manager
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink MediaShow
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink YouCam
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Energy Star Digital Logo
ESU for Microsoft Windows 7
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
InstallIQ Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
LabelPrint
LabelPrint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010


----------



## Cookiegal (Aug 27, 2003)

Have you not yet installed Adobe Reader and uninstalled one of the Kaspersky programs?


----------



## mmddevansville (May 30, 2011)

I did the Kaspersky last week and the Adobe Reader yesterday...Is something wrong there?


----------



## mmddevansville (May 30, 2011)

I know the Kaspersky I am running is ok, I looked under control panel, programs uninstall and only found one Kaspersky program, maybe I looked in the wrong place....


----------



## Cookiegal (Aug 27, 2003)

Adobe Reader is not showing in the uninstall list so either you didn't install it or you installed it after you created the list.

Also, both Kaspersky programs are still listed. Which one are you seeing in Add or Remove Programs?


----------
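The list comparison done by eye in the post above, as an added example that is not part of the original thread: it checks a newer uninstall list against the previous one for requested removals, an expected install, and two products that should not coexist. The sample lists are constructed from program names in the thread, the function names are hypothetical, and the truncated-paste check is an addition beyond what the post describes.

```python
from collections import Counter

# Constructed sample lists, abbreviated from program names that appear in the thread.
BEFORE = """\
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
Secunia PSI (2.0.0.3003)
"""

AFTER = """\
Adobe Flash Player 10 ActiveX
Kaspersky Anti-Virus 2011
Kaspersky Internet Security 2011
Secunia PSI (2.0.0.3003)
"""

# The same list cut off partway through, as happens when a paste is incomplete.
AFTER_TRUNCATED = """\
Adobe Flash Player 10 ActiveX
Kaspersky Anti-Virus 2011
"""


def parse_uninstall_list(text):
    """Return program names in order, one per non-blank line."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def looks_truncated(previous_text, new_text):
    """True when the new list is a strict, in-order prefix of the previous one.

    A paste that stops partway would otherwise be read as a mass uninstall.
    """
    prev = parse_uninstall_list(previous_text)
    new = parse_uninstall_list(new_text)
    return 0 < len(new) < len(prev) and prev[:len(new)] == new


def review(before_text, after_text, requested_removals,
           expected_prefixes, exclusive_groups):
    """Compare two uninstall lists and report what a helper would look for."""
    # Counters keep duplicates: a name can be registered twice (e.g. "Adobe AIR").
    before = Counter(parse_uninstall_list(before_text))
    after = Counter(parse_uninstall_list(after_text))
    names_after = [name.lower() for name in after]

    conflicts = []
    for group in exclusive_groups:
        present = sorted(name for name in group if after[name] > 0)
        if len(present) > 1:
            conflicts.append(present)

    return {
        # Entries that disappeared or appeared between the two lists.
        "removed": sorted((before - after).elements()),
        "added": sorted((after - before).elements()),
        # Programs the helper asked to uninstall that are still listed.
        "still_present": sorted(n for n in requested_removals if after[n] > 0),
        # Programs expected after the reinstall, matched by name prefix
        # because the version suffix of the new install is not known in advance.
        "missing_expected": sorted(
            p for p in expected_prefixes
            if not any(name.startswith(p.lower()) for name in names_after)
        ),
        # Products that should not be installed side by side.
        "conflicts": conflicts,
    }


REQUESTED_REMOVALS = [
    "Adobe AIR",
    "Adobe Reader 9.4.5 MUI",
    "Adobe Shockwave Player 11.5",
    "Adobe Shockwave Player 11.6",
]
EXPECTED_PREFIXES = ["Adobe Reader"]
EXCLUSIVE_GROUPS = [["Kaspersky Anti-Virus 2011", "Kaspersky Internet Security 2011"]]

if __name__ == "__main__":
    report = review(BEFORE, AFTER, REQUESTED_REMOVALS,
                    EXPECTED_PREFIXES, EXCLUSIVE_GROUPS)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("truncated paste:", looks_truncated(AFTER, AFTER_TRUNCATED))
```
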



## mmddevansville (May 30, 2011)

Anti-virus..it's in the control panel, surely I am not looking in the wrong place??


----------



## mmddevansville (May 30, 2011)

Cookie, I believe you, why am I able to open it from my programs and everything comes up, before nothing but a red page, as for Kaspersky I took it off when they gave me instructions from the e-mail I sent and they kept it on my other account with the same numbers to trace it...this is odd isn't it??? What do we do??


----------



## Cookiegal (Aug 27, 2003)

Is Adobe Reader showing in Add or Remove Programs in the Control Panel?

I assume you have the product key for Kaspersky so you can uninstall and reinstall it? If so, please uninstall the Kaspersky Anti-Virus via the Control Panel - Add or Remove Programs. Then download and run this removal tool to be sure everything is removed:

http://support.kaspersky.com/faq/?qid=208279463

Then reboot the computer and reinstall the Kaspersky product that you want and have the key for.

Once you've done that, please post a new uninstall list from HijackThis.


----------



## mmddevansville (May 30, 2011)

Yes I have the box...and it's there...I will get right on this...I am supposed to close everything down, I don't have to remove the firewall during this do I?


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Yes I have the box...and it's there...I will get right on this...I am supposed to close everything down, I don't have to remove the firewall during this do I?


Not the Windows firewall (you can't remove that) but the Kaspersky firewall will be removed as it's part of Kaspersky Internet Security.

Which product will you be reinstalling? Kaspersky Anti-Virus or Kaspersky Internet Security?


----------



## mmddevansville (May 30, 2011)

Cookie, I got an error message 1723, there was a problem with the installation ....I will go back and try to take it off again....I am running a bad antivirus aren't I???? I can't believe this....


----------



## mmddevansville (May 30, 2011)

I couldn't do it so I am trying to repair, my internet or something may be interrupted during this it said


----------



## mmddevansville (May 30, 2011)

The Kaspersky has now been repaired, the antivirus updated and I am hoping pages will load quicker than they have been so I can see when you write....I am doing all I can and will take it off now if you want to and put it back on...I have about an hour before I go and get him...to finish work up for the week....


----------



## mmddevansville (May 30, 2011)

I just took off three Apple programs and support things since I am not using my iPod anyway and I hope that will help something..Secunia is giving my software 97% so that is the highest it's been since I have used this to help figure it out right before I found you...


----------



## Cookiegal (Aug 27, 2003)

Were you able to reinstall Kaspersky?

Please post a new uninstall list.


----------



## mmddevansville (May 30, 2011)

It's still there and works and we don't have to go so I have time to work on this


----------



## mmddevansville (May 30, 2011)

I can't believe I didn't know there was an error when I installed Kaspersky, I just thought it was fine, I guess it's the computer...I got all Yahoo and Apple software off of this computer and I am going to check to make sure it got off for sure..


----------



## mmddevansville (May 30, 2011)

I am finding on Secunia that Windows 64 bit is not good for browsing according to their diagnostic thing of the programs, could it be I don't have a good Windows program, as if you aren't taking care of more than enough already...I am making sure there are no more unused programs and am working on e-mail end to get freeze inbox toolbar off too...I will be back in a few...


----------



## mmddevansville (May 30, 2011)

Good Morning and I hope we have a great week!! I just noticed that the icon for Adobe Reader does not match the other one on the programs, I have Adobe Reader for Service Pack 2 and I am sure that I have Pack 1 so I am thinking we may have to fix it...maybe that's why I am running slow...I am going out to mow the grass and will be back in about 30 minutes to see if you are here...Hope the morning is going fine for you, considering it's Monday...see you, d


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> I am finding on Secunia *that Windows 64 bit is not good for browsing* according to their diagnostic thing of the programs, could it be I don't have a good Windows program, as if you aren't taking care of more than enough already...I am making sure there are no more unused programs and am working on e-mail end to get freeze inbox toolbar off too...I will be back in a few...


You must be reading that wrong. Can you quote what it says?


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Good Morning and I hope we have a great week!! I just noticed that the icon for Adobe Reader does not match the other one on the programs, I have Adobe Reader for Service Pack 2 and I am sure that I have Pack 1 so I am thinking we may have to fix it...maybe that's why I am running slow...I am going out to mow the grass and will be back in about 30 minutes to see if you are here...Hope the morning is going fine for you, considering it's Monday...see you, d


There is no Service Pack 2 yet for Windows 7. I don't understand what is the problem with Adobe Reader?


----------



## mmddevansville (May 30, 2011)

Hi Cookie I have been offline for 3 days wondering what had attached to this comp when all it was was offline at start menu was checked somehow...Whew...I do know the Reader is not compatible but am not sure what to do....Guess you've had a good week so far...I am on line and if I need to do some stuff am here if you write....Thank God, it was going to cost over 200 at Best Buy, I took it there last night....see you...diane


----------



## mmddevansville (May 30, 2011)

The computer thing someplace on Monday told me that the program isn't compatible yet it's showing up in programs and loads up ok...what do I know....will be 55 on Tuesday and am still learning!!!!!!!!!!!!!!!!!!!


----------



## Cookiegal (Aug 27, 2003)

Why did you take the computer to Best Buy?

When you installed Adobe did you right-click the setup file and select "Run as Administrator"?


----------



## mmddevansville (May 30, 2011)

I was in safe mode Monday afternoon, and didn't know why, before it went into this, the computer was real slow, I was worried that something was wrong with it....anyway..the man at the store said it wouldn't do that unless there was a hardware problem, I got my Maxtor external hard drive out this morning, since we were gone out of town tues and got home yesterday, and started trying to back up my pictures...then I called the cable co to see if they could help..they gave me Total Tech a group that does things to see how bad it is...the man told me what to do, safe mode was checked in there...knowing me I probably did it, anyway it's running fast now...I am so happy, it would've been lots of money for nothing being wrong.......I was planning to take it to the library get you on the library comp and see what you could do for it....People probably pay lots of money needlessly, Cookie when it's some simple thing...He had me hit reset under internet options write back ok...see you diane


----------



## mmddevansville (May 30, 2011)

Cookie my Secunia scan is running a 99%, the highest it's ever done, I AM NOT touching anything unless you say so today on here, just hunting an obituary and doing e-mail and stuff like that....


----------



## mmddevansville (May 30, 2011)

Cookie, to answer your question I hope, I don't know about what I did on this reader thing when I installed but it is running now with "internet protected mode off" and I am doing the Kaspersky full scan right now... It's at 47% and still running...I am going to have to do some things here, it may be, so I will work on ironing shirts and watch to see in case you write back....I am sorry I didn't answer your question about this....I am going to have to cut down on the coffee! hope you are having a good mid-day...diane


----------



## mmddevansville (May 30, 2011)

I might or probably won't know what to look for but just in case you need this...

```
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6987
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
6/30/2011 1:47:56 PM
mbam-log-2011-06-30 (13-47-56).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 342869
Time elapsed: 1 hour(s), 48 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
```


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Cookie *my Secunia scan is running a 99%, the highest it's ever done,* I AM NOT touching anything unless you say so today on here, just hunting an obituary and doing e-mail and stuff like that....


What do you mean by this?


----------



## mmddevansville (May 30, 2011)

He called to tell me a friend of his or his dad had died and we hadn't been told about it, but anyway it was nothing bad I meant, seriously, I was just telling you what I am doing here on the computer and not messing it up again...I am sorry I should not have told you about that...diane


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Cookie, to answer your question I hope, I don't know about what I did on this reader thing when I installed but it is running now with "*internet protected mode off*" and I am doing the Kaspersky full scan right now... It's at 47% and still running...I am going to have to do some things here, it may be, so I will work on ironing shirts and watch to see in case you write back....I am sorry I didn't answer your question about this....I am going to have to cut down on the coffee! hope you are having a good mid-day...diane


And what do you mean by this? Adobe Reader doesn't have an "Internet Protected Mode", that would be Internet Explorer. So it sounds like he had you reset Internet Explorer back to default settings but all that has nothing to do with Adobe Reader.

I would suggest uninstalling Adobe Reader and then reboot the machine and reinstall it. Something might have gone wrong during the installation. Once it's installed, please post a new uninstall list using HijackThis.


----------



## mmddevansville (May 30, 2011)

Right, I guess my sentence ran on, but the person this morning who helps people with things that come up for our cable/internet company had me do that...

I have checked properties on Adobe Reader just to see today, and I had to change it, from XP to Windows 7 in the properties big box....I am just so glad it's running I just knew I had gotten a bad program in Windows or something... for 3 days this week. I will make sure to be more specific, and stick to the subject.


----------



## mmddevansville (May 30, 2011)

I am doing that back up I have needed to do and it's going on my external hard drive so surely it won't skip anything this time...


----------



## mmddevansville (May 30, 2011)

Everything got bigger, I thought I was in protected mode again, ie, and I was opening Adobe Reader to find exactly what we talked about above...now everything looks normal and I do not know what to think about this computer at all...I have had 2 before and they never did things like everything going larger...I must find out what is wrong, or else I just will not use my computer till I do....It was the strangest thing besides Monday's events I have had a computer to ever do anywhere, at the library...or anything....I am just bewildered Cookie... I am afraid to touch Adobe Reader again, but have a feeling it might just maybe be the problem...


----------



## mmddevansville (May 30, 2011)

Now that I am over the shock of it, The print everything, was larger like it was in safe mode Monday and yesterday when we got home...There must be an explanation, but I know you have done almost everything you can I am almost sure....The longer I use my computer the less I know about it, I just hope nobody else's is doing all these things too...safe mode as far as I can does me no good, since you can't do much of anything at all while the computer is operating that way...anyway I will be back in a few...diane


----------



## mmddevansville (May 30, 2011)

Cookie, The back-up completed but files were skipped again!! This is the third back-up I have tried to do since I have had my laptop, which I got it March 5th this year....first two on CDs this one on the Maxtor


----------



## mmddevansville (May 30, 2011)

Microsoft update page offers suggestions..a 32 bit involved which could be a clue...no more weird things have happened and we are using crossword site..have a good evening!!!


----------



## mmddevansville (May 30, 2011)

I won't be on here today since we are going to see family....hope this thing holds out til we get back...Have a Happy Fourth of July....diane


----------



## Cookiegal (Aug 27, 2003)

OK, when you post back give me a detailed description of what problems you are having but make it in one post and please don't post anything else until you hear back from me. It's very difficult to follow with you posting five or six posts in quick succession all the time.


----------



## mmddevansville (May 30, 2011)

Thanks I appreciate this...I am having one web-site which is Indiana.gov that won't open, Cable tech confirmed they can't either. I have one program Adobe Reader 10 exe that asks for permission...then if I do it takes to safe mode. I am not touching it. I don't know of other problems, and Secunia is giving me 100% on programs including Adobe, for the first time. I am running full scan before we go in a bit... Today is my 55th birthday and he is coming to get me in 45 minutes. Can I post you when I am going to be home all day and work on it then? Thanks Cookie, you have been so nice to help. Diane


----------



## Cookiegal (Aug 27, 2003)

Happy belated birthday. I hope you had a good day. I'm sorry for the delay in replying.

When you click on a link to the Indiana government site what happens? Is that a link that's in your bookmarks or are you accessing it through Google?


----------



## mmddevansville (May 30, 2011)

It is ok...it was nice but I have a cold, it's bad any time of year...I am happy to say I got Microsoft chat support on the issue with Indiana site and it was in tools Internet Explorer, I had to reset, now I am back on MSN when I get on line, which is fine..I have Google and both are fine... The things now that concern me are getting the back-up done and that the Adobe Reader is a bad program, I have Secunia saying that my programs are all ok, I have 100% rating...I just wonder if there is something else but hey I shouldn't worry so much and look for things that don't exist... It is up to what you have seen from all the reports I sent, and whether they look ok I guess. thanks Cookie!!


----------



## Cookiegal (Aug 27, 2003)

OK. I'm not sure if I had you do this before but even if we did, I'd like to do it again.

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## mmddevansville (May 30, 2011)

I am right on it but I am getting a virus notification from Kaspersky... which was nothing but that we are doing this with OTS. I will try to get this on the desktop asap... I am truly computer technology uneducated, as you knew before today, really well!

I am writing on this post to save room........like you asked the other day.....dw

Cookie Did you get the OTS I sent? It is not showing up on page 15?? I got a white screen after I sent it Oh not again something weird happening!!


----------



## Cookiegal (Aug 27, 2003)

You may have to disable Kaspersky temporarily.


----------



## mmddevansville (May 30, 2011)

Here it is Cookie, I am lucky to be getting it on here though, my keyboard would not even type and no cursor was visible less than 5 minutes ago, I had a weird time getting this cut and pasted....it must be a weird defect in this machine, no kidding...I have never had this kind of things happen...I will wait until you write back and the print looks funny too,,, diane


```
OTS logfile created on: 7/7/2011 2:25:17 PM - Run 3
OTS by OldTimer - Version 3.1.44.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.62 Gb Total Space | 232.34 Gb Free Space | 82.80% Space Free | Partition Type: NTFS
Drive D: | 17.17 Gb Total Space | 2.45 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-HP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> [2011/07/07 14:15:26 | 000,645,120 | ---- | M] (OldTimer Tools)
flashutil10t_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -> [2011/06/17 14:19:30 | 000,240,288 | ---- | M] (Adobe Systems, Inc.)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
psia.exe -> C:\Program Files (x86)\Secunia\PSI\psia.exe -> [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia)
sua.exe -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia)
psi_tray.exe -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe -> [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia)
toolbarupdaterservice.exe -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -> [2011/03/24 04:59:34 | 000,199,904 | ---- | M] ()
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
hpmsgsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe -> [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwmisvc.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -> [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)

[Modules - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> [2011/07/07 14:15:26 | 000,645,120 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD)
64bit-(RtVOsdService)  [Auto | Running] -> C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -> [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(HP Wireless Assistant Service)  [Disabled | Stopped] -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -> [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company)
64bit-(AERTFilters)  [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
(Secunia PSI Agent) Secunia PSI Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\PSIA.exe -> [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia)
(Secunia Update Agent) Secunia Update Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia)
(Toolbar Updater Service) Toolbar Updater Service [Auto | Running] -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -> [2011/03/24 04:59:34 | 000,199,904 | ---- | M] ()
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
(HPWMISVC) HPWMISVC [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -> [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
(CinemaNow Service) CinemaNow Service [Disabled | Stopped] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            )
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2010/10/01 10:37:40 | 000,556,120 | ---- | M] (Kaspersky Lab)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\BCMWL664.SYS -> [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation)
64bit-(PSI) PSI [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia)
64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO)
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010/04/22 20:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab)
64bit-(amdsata) amdsata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell)
64bit-(netw5v64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netw5v64.sys -> [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
(dfg) dfg [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\dfg.sys -> [2008/12/11 18:26:10 | 000,023,552 | ---- | M] (defrag Development Team)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2011/05/26 20:06:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\] -> [2011/05/26 20:07:16 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]] -> [2011/06/17 14:11:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]] -> [2011/06/17 14:11:22 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/06/02 15:42:15 | 000,000,050 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1    localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 20:27:50 | 000,061,624 | ---- | M] (Kaspersky Lab ZAO)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 20:27:00 | 000,068,280 | ---- | M] (Kaspersky Lab ZAO)
{6E13D095-45C3-4271-9475-F3B48227DD9F} [HKLM] -> C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [StartNow Toolbar Helper] -> [2011/03/24 04:59:32 | 000,290,016 | ---- | M] (Zugo)
{74F475FA-6C75-43BD-AAB9-ECDA6184F600} [HKLM] -> C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll [Window Shopper] -> [2010/09/26 07:32:26 | 000,303,104 | ---- | M] (Superfish)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll [Bing Bar BHO] -> [2010/11/12 17:27:20 | 000,612,616 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}" [HKLM] -> C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [StartNow Toolbar] -> [2011/03/24 04:59:32 | 000,290,016 | ---- | M] (Zugo)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll [@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100] -> [2010/11/12 17:27:20 | 000,612,616 | ---- | M] (Microsoft Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HPWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden] -> [2010/06/18 18:26:18 | 000,008,192 | ---- | M] ()
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s] -> [2011/03/20 15:57:27 | 006,489,704 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"] -> [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
"HP Quick Launch" -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe] -> [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Skype" ->  ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [28] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}:{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} [HKLM] -> C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll [Button: Window Shopper] -> [2010/09/26 07:32:26 | 000,303,104 | ---- | M] (Superfish)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0971C9A0-5EF9-4006-B583-0534F8AF2AF6}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe FE Family Controller) -> 
{8A77247A-8A94-42E9-8DD7-4FB12D1D9AE6}\\DhcpNameServer -> 192.168.1.1   (Broadcom 4313 802.11b/g/n) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll ->  -> File not found
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll ->  -> File not found
*MultiFile Done* -> -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\KASPER~1\KASPER~3\mzvkbd3.dll -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll -> [2010/10/05 20:27:10 | 000,109,240 | ---- | M] (Kaspersky Lab ZAO)
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> C:\Windows\SysNative\klogon.dll -> [2010/10/05 20:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0436250A-5E8A-4CD8-84E9-C0F258A855D9} -> rport=1900 | profile=domain | protocol=17 | dir=out | action=allow | [email protected],-150 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{0F29A4FF-9D5E-4A92-9EAF-509DFFC80013} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{12C664A2-FB09-4655-B24C-E7855E6EFB94} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{13839D9A-FB7D-402C-A046-46B25511178A} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{2616FF4E-2660-4FB7-B589-6412965A92C9} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{3424376E-5B1A-4472-8793-2235EE388C98} -> rport=2869 | profile=domain | protocol=6 | dir=out | action=allow | [email protected],-152 | app=system | 
{35835AD4-1CAD-4AA1-BAD0-32D5537CCB5A} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{4EABA665-A618-4374-9D9C-A7AAC0E6D8FC} -> lport=67 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-144 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{51E09F63-E85A-49C6-92F3-2D1868757309} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{5490CF0D-5128-4C1F-9CEF-10AD4FEFB294} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{57499CDE-9501-471F-9982-331204EC7995} -> lport=547 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-142 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{67131FC1-CC20-4C8D-A44E-043EFB141800} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{6BA96735-0F34-4496-8914-4DB7129B461D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{6CE564EE-E7F7-4699-B04B-A68D3329E72D} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{6E0B9C59-FCC4-4364-A027-D9EF201A93C5} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{6F70D903-3A04-495D-B9FE-667BFAF311A9} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{7FD86F87-FA5B-4168-A053-AEFF8EF65B52} -> lport=68 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-145 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{8CA60E9A-4099-4218-9E5B-9E282A4F26E0} -> lport=1900 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-147 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{95A32AE8-A519-450B-9B72-B0CC9AF7366D} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{9D964924-7CB3-45E1-BAE0-D44008C2284B} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{A168E357-32CF-4705-A97F-947113ED4C5A} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{A879F345-3BE3-4B7E-AFBF-2E663FAD3394} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{C03FD88D-D243-4628-9DF9-38CEFAD11E7A} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{C3425495-D995-452C-8B9E-3462BA9B6F4E} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{C7C3A054-2908-48FE-945D-C71C7E76CE5E} -> lport=2869 | profile=domain | protocol=6 | dir=in | action=allow | [email protected],-146 | app=system | 
{C94172EA-2839-4AA8-B8BD-6D04F2CCC097} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{D14042DE-0B2F-4D05-81D6-A40C3C4A6869} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{EAC1B51E-1624-4B35-A7E0-496723C25AD0} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{F824F1FF-A720-4FD0-A7CC-341D86DBDC00} -> lport=53 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-143 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{F8743194-347A-4120-A555-FA69A800A8D9} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{F8CF256D-3A5C-443A-96C5-70787BC719DF} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{10262EC5-A6E7-4A05-8569-3273D1874D0A} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{1A3D528A-30A3-4319-BF97-E9CBAC37CF3A} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{1F6EA44C-A95A-43C0-BC69-F66D8E28B0B7} -> profile=public | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{243AB7B7-87B3-41D0-84ED-13ABB87F654A} -> profile=public | protocol=17 | dir=in | action=allow | name=google chrome | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe | 
{39FC1912-B142-4323-9764-AC2F4B4C6839} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{46D68AA0-7E9E-4C66-B5AB-F0C46B90F087} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{5749CC31-D695-4A20-85AA-0E98F424BB8D} -> profile=public | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{5ACD4E8B-27FD-47BE-B35B-F597282ED87C} -> profile=public | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{5F2E203C-86E2-4DCF-9ECF-DB471DC2C921} -> profile=domain | protocol=58 | dir=in | action=allow | [email protected],-148 | 
{607B9267-F31A-40FE-9EFD-85D0E6A75AD5} -> profile=public | protocol=17 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{646B0565-563B-4F41-BD72-0914E71AA453} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{6B3ECC95-216F-4626-921C-A4961A2A2769} -> profile=public | protocol=6 | dir=in | action=allow | name=google chrome | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe | 
{8AA8DD53-FE5A-4ACA-AB97-63C15CADCB27} -> profile=public | protocol=6 | dir=out | action=allow | [email protected],-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{8D41A220-B250-457A-B3D5-544AC814AC6D} -> profile=public | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{941E5132-BE18-4120-BC27-AAB2C78552D4} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{A233F935-D9C7-4F18-AE1E-AB50AD01D40A} -> profile=domain | protocol=6 | dir=out | action=allow | [email protected],-149 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{A9181A34-EF91-4F43-BF79-031C620F0598} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{AA288E5D-70B7-45E8-A33C-2B45D4878A43} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
{BA02EF4D-E6A1-4F11-9055-95BE43CDDE92} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
{C43C7705-CD50-47D6-BB00-5C079FF823F1} -> profile=public | protocol=6 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{E7842C57-C18A-4E44-8405-1ADD9A919164} -> profile=domain | dir=out | action=allow | [email protected],-151 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< 64bit-Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"CinemaNow Service" -> -> 
"HP Wireless Assistant Service" -> -> 
"HPDrvMntSvc.exe" -> -> 
"hpqwmiex" -> -> 
"HPWMISVC" -> -> 
"RtVOsdService" -> -> 
< 64bit-Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"startup" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/27/2011 1:17:48 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x728  Faulting application start time: 0x01cc34ee19cc5df4  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 60cece66-a0e1-11e0-b015-cd1f3ad90a0d
Application [ Error ] 6/27/2011 1:17:53 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x74c  Faulting application start time: 0x01cc34ee1d35f6f8  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 63db91bf-a0e1-11e0-b015-cd1f3ad90a0d
Application [ Error ] 6/27/2011 1:17:53 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x764  Faulting application start time: 0x01cc34ee1d5c0cfc  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 6401a7c3-a0e1-11e0-b015-cd1f3ad90a0d
Application [ Error ] 6/27/2011 1:32:48 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x3bc  Faulting application start time: 0x01cc34f032256870  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 7990956d-a0e3-11e0-b384-b6e209bed50e
Application [ Error ] 6/27/2011 2:42:03 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x798  Faulting application start time: 0x01cc34f9de600bff  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 25cd9a5d-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:42:08 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x7bc  Faulting application start time: 0x01cc34f9e22d9ece  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 28d33995-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:13 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x300  Faulting application start time: 0x01cc34fa08c1cc17  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 4f75af1f-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:22 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x3fc  Faulting application start time: 0x01cc34fa0e7e7d1f  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 552417e6-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:34 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x4f0  Faulting application start time: 0x01cc34fa158d318d  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 5c32cc54-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:41 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x24c  Faulting application start time: 0x01cc34fa19ee59ad  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 609655d4-a0ed-11e0-b947-b3e936fbd20c
Hewlett-Packard [ Error ] 4/8/2011 9:57:28 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 4/8/2011 9:57:32 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041108085729.xml File not created by asset agent
Hewlett-Packard [ Error ] 5/2/2011 7:57:49 PM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 5/2/2011 7:58:04 PM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051102065801.xml File not created by asset agent
Hewlett-Packard [ Error ] 6/2/2011 3:09:46 PM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061102020942.xml File not created by asset agent
Hewlett-Packard [ Error ] 6/14/2011 10:59:45 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 6/14/2011 10:59:47 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 6/14/2011 10:59:47 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 6/14/2011 11:00:39 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061114100007.xml File not created by asset agent
Hewlett-Packard [ Error ] 6/14/2011 11:01:11 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061114100039.xml File not created by asset agent
HP Wireless Assistant [ Error ] 6/20/2011 7:59:16 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/20/2011 7:59:23 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
HP Wireless Assistant [ Error ] 6/21/2011 8:59:58 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 9:00:00 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
HP Wireless Assistant [ Error ] 6/21/2011 9:00:52 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 9:00:52 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
HP Wireless Assistant [ Error ] 6/21/2011 12:57:09 PM Computer Name = Owner-HP | Source = HP WA Mobility Center Tile Link | ID = 0 -> Description = HardwareAccess.UnableToConnectException App.ApplicationStartup; a problem was encountered while starting the app and needs to terminate Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_MobilityCenterTileLink.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 12:57:09 PM Computer Name = Owner-HP | Source = HP WA Mobility Center Tile Link | ID = 0 -> Description = System.NullReferenceException App.UpdateTileData; an unexpected error occured however the application will continue running Object reference not set to an instance of an object.    at HPWA_MobilityCenterTileLink.App.UpdateTileData(Boolean error)
HP Wireless Assistant [ Error ] 6/21/2011 12:57:35 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 12:57:36 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
Media Center [ Error ] 6/6/2011 8:40:47 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 7:40:46 AM - Error connecting to the internet.  7:40:47 AM -     Unable to contact server..  
Media Center [ Error ] 6/9/2011 10:19:21 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 9:19:21 AM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:20:34 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:20:34 AM - Failed to retrieve Directory (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:29 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:17 AM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:40 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:40 AM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:40 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:40 AM - Failed to retrieve SportsSchedule (Error: The request was aborted: Could not create SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:40 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:40 AM - Failed to retrieve SportsV2 (Error: The request was aborted: Could not create SSL/TLS secure channel.)  
Media Center [ Error ] 6/16/2011 7:03:16 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 6:03:01 AM - Error connecting to the internet.  6:03:01 AM -     Unable to contact server..  
Media Center [ Error ] 6/17/2011 11:35:13 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:35:07 AM - Error connecting to the internet.  10:35:07 AM -     Unable to contact server..  
Media Center [ Error ] 6/26/2011 9:34:09 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 8:34:01 AM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
System [ Error ] 5/19/2011 10:27:55 AM Computer Name = Owner-HP | Source = DCOM | ID = 10016 -> Description = 
System [ Error ] 5/19/2011 11:52:10 AM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 10:46:44 AM on ?5/?19/?2011 was unexpected.
System [ Error ] 5/19/2011 11:58:52 AM Computer Name = Owner-HP | Source = Service Control Manager | ID = 7022 -> Description = The Windows Update service hung on starting.
System [ Error ] 5/20/2011 12:24:31 PM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 11:20:23 AM on ?5/?20/?2011 was unexpected.
System [ Error ] 5/20/2011 4:27:43 PM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 3:18:17 PM on ?5/?20/?2011 was unexpected.
System [ Error ] 5/22/2011 8:52:15 AM Computer Name = Owner-HP | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 5/23/2011 9:34:28 AM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 8:27:40 AM on ?5/?23/?2011 was unexpected.
System [ Error ] 5/23/2011 10:51:03 AM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 9:49:36 AM on ?5/?23/?2011 was unexpected.
System [ Error ] 5/23/2011 4:05:51 PM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 2:51:08 PM on ?5/?23/?2011 was unexpected.
System [ Error ] 5/23/2011 4:14:31 PM Computer Name = Owner-HP | Source = DCOM | ID = 10010 -> Description =

[Files/Folders - Created Within 30 Days]
 New folder -> C:\Users\Owner\Desktop\New folder -> [2011/07/07 14:12:37 | 000,000,000 | ---D | C]
 Microsoft Easy Assist -> C:\Program Files (x86)\Microsoft Easy Assist -> [2011/07/07 12:05:59 | 000,000,000 | ---D | C]
 Applications -> C:\ProgramData\Applications -> [2011/07/07 12:05:13 | 000,000,000 | ---D | C]
 Java -> C:\Program Files (x86)\Common Files\Java -> [2011/07/04 11:12:54 | 000,000,000 | ---D | C]
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2011/07/04 11:11:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2011/07/04 11:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2011/07/04 11:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 {E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> [2011/07/04 09:07:47 | 000,000,000 | ---D | C]
 iolo -> C:\Users\Owner\AppData\Roaming\iolo -> [2011/07/03 23:43:15 | 000,000,000 | ---D | C]
 iolo -> C:\ProgramData\iolo -> [2011/07/03 23:43:15 | 000,000,000 | ---D | C]
 iolo -> C:\Program Files (x86)\iolo -> [2011/07/03 23:43:15 | 000,000,000 | ---D | C]
 WinMaximizer -> C:\ProgramData\WinMaximizer -> [2011/07/03 23:38:22 | 000,000,000 | ---D | C]
 Virus Removal Tool -> C:\Users\Owner\Desktop\Virus Removal Tool -> [2011/06/30 12:07:20 | 000,000,000 | ---D | C]
 MSXML 4.0 -> C:\Program Files (x86)\MSXML 4.0 -> [2011/06/30 10:31:15 | 000,000,000 | ---D | C]
 drvinst.exe -> C:\Windows\SysWow64\drvinst.exe -> [2011/06/30 09:39:17 | 000,252,928 | ---- | C] (Microsoft Corporation)
 devrtl.dll -> C:\Windows\SysWow64\devrtl.dll -> [2011/06/30 09:39:17 | 000,044,544 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysNative\tquery.dll -> [2011/06/30 09:39:14 | 002,315,776 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysNative\mssrch.dll -> [2011/06/30 09:39:14 | 002,223,616 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysWow64\mssrch.dll -> [2011/06/30 09:39:14 | 001,401,344 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysWow64\tquery.dll -> [2011/06/30 09:39:13 | 001,549,312 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysNative\mssvp.dll -> [2011/06/30 09:39:13 | 000,778,752 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysNative\mssph.dll -> [2011/06/30 09:39:13 | 000,491,520 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysWow64\mssph.dll -> [2011/06/30 09:39:13 | 000,337,408 | ---- | C] (Microsoft Corporation)
 SearchProtocolHost.exe -> C:\Windows\SysNative\SearchProtocolHost.exe -> [2011/06/30 09:39:13 | 000,249,856 | ---- | C] (Microsoft Corporation)
 SearchFilterHost.exe -> C:\Windows\SysNative\SearchFilterHost.exe -> [2011/06/30 09:39:13 | 000,113,664 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysWow64\mssvp.dll -> [2011/06/30 09:39:12 | 000,666,624 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysNative\mssphtb.dll -> [2011/06/30 09:39:12 | 000,288,256 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysWow64\mssphtb.dll -> [2011/06/30 09:39:12 | 000,197,120 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysNative\msscntrs.dll -> [2011/06/30 09:39:12 | 000,075,264 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysWow64\msscntrs.dll -> [2011/06/30 09:39:12 | 000,059,392 | ---- | C] (Microsoft Corporation)
 pss -> C:\Windows\pss -> [2011/06/27 10:54:47 | 000,000,000 | ---D | C]
 RegCure -> C:\ProgramData\RegCure -> [2011/06/27 10:20:42 | 000,000,000 | ---D | C]
 RegCure -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure -> [2011/06/27 10:20:42 | 000,000,000 | ---D | C]
 RegCure -> C:\Program Files (x86)\RegCure -> [2011/06/27 10:20:41 | 000,000,000 | ---D | C]
 Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2011/06/23 16:04:40 | 000,000,000 | ---D | C]
 My Google Gadgets -> C:\Users\Owner\Documents\My Google Gadgets -> [2011/06/23 14:37:37 | 000,000,000 | ---D | C]
 New folder (2) -> C:\Users\Owner\Documents\New folder (2) -> [2011/06/22 19:18:41 | 000,000,000 | ---D | C]
 New folder -> C:\Users\Owner\Documents\New folder -> [2011/06/22 19:18:11 | 000,000,000 | ---D | C]
 Kaspersky Anti-Virus 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011 -> [2011/06/17 13:30:25 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/17 13:25:34 | 000,000,000 | ---D | C]
 Kaspersky Lab Setup Files -> C:\ProgramData\Kaspersky Lab Setup Files -> [2011/06/17 13:23:47 | 000,000,000 | ---D | C]
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2011/06/17 12:32:51 | 000,096,256 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/06/17 12:32:51 | 000,072,704 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2011/06/17 12:32:50 | 000,176,640 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2011/06/17 12:32:49 | 002,303,488 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysWow64\jscript9.dll -> [2011/06/17 12:32:49 | 001,797,632 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2011/06/17 12:32:49 | 000,248,320 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2011/06/17 12:32:48 | 000,818,176 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/06/17 12:32:48 | 000,716,800 | ---- | C] (Microsoft Corporation)
 oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2011/06/17 12:24:11 | 000,861,696 | ---- | C] (Microsoft Corporation)
 Kaspersky Lab ZAO -> C:\ProgramData\Kaspersky Lab ZAO -> [2011/06/16 08:03:17 | 000,000,000 | ---D | C]
 Last.fm -> C:\ProgramData\Last.fm -> [2011/06/15 10:43:25 | 000,000,000 | ---D | C]
 Last.fm -> C:\Users\Owner\AppData\Local\Last.fm -> [2011/06/15 10:41:53 | 000,000,000 | ---D | C]
 Last.fm -> C:\Program Files (x86)\Last.fm -> [2011/06/15 10:41:36 | 000,000,000 | ---D | C]
 cookie -> C:\Users\Owner\cookie -> [2011/06/14 21:26:36 | 000,000,000 | ---D | C]
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/14 12:24:26 | 000,060,416 | ---- | C] (NirSoft)
 Uniblue -> C:\Users\Owner\AppData\Roaming\Uniblue -> [2011/06/14 11:08:37 | 000,000,000 | ---D | C]
 {AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} -> C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} -> [2011/06/14 11:08:34 | 000,000,000 | -H-D | C]
 Uniblue -> C:\Program Files (x86)\Uniblue -> [2011/06/14 11:08:34 | 000,000,000 | ---D | C]
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2011/06/13 15:07:34 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2011/06/13 15:07:34 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2011/06/13 15:07:34 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.)
 DriverPerformer -> C:\Users\Owner\Documents\DriverPerformer -> [2011/06/13 13:00:48 | 000,000,000 | ---D | C]
 Superfish -> C:\Program Files (x86)\Superfish -> [2011/06/13 12:58:54 | 000,000,000 | ---D | C]
 StartNow Toolbar -> C:\Program Files (x86)\StartNow Toolbar -> [2011/06/13 12:58:35 | 000,000,000 | ---D | C]
 RegZooka -> C:\Program Files (x86)\RegZooka -> [2011/06/11 12:21:26 | 000,000,000 | ---D | C]
 Passwords Database -> C:\Users\Owner\Documents\Passwords Database -> [2011/06/10 18:27:10 | 000,000,000 | --SD | C]
 ConsumerSoft -> C:\Users\Owner\AppData\Roaming\ConsumerSoft -> [2011/06/10 18:00:17 | 000,000,000 | ---D | C]
 ConsumerSoft -> C:\Program Files (x86)\ConsumerSoft -> [2011/06/10 18:00:05 | 000,000,000 | ---D | C]
 My Widgets -> C:\Users\Owner\Documents\My Widgets -> [2011/06/09 12:16:15 | 000,000,000 | ---D | C]
 1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
 OTS.exe - Shortcut (2).lnk -> C:\Users\Owner\Desktop\OTS.exe - Shortcut (2).lnk -> [2011/07/07 14:39:08 | 000,003,290 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Owner\Desktop\OTS.exe - Shortcut.lnk -> [2011/07/07 14:16:26 | 000,001,053 | ---- | M] ()
 104.1 WIKY.url -> C:\Users\Owner\Desktop\104.1 WIKY.url -> [2011/07/07 13:29:09 | 000,000,109 | ---- | M] ()
 Claimant Self Service Logon.url -> C:\Users\Owner\Desktop\Claimant Self Service Logon.url -> [2011/07/07 12:46:44 | 000,000,128 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/07 10:47:30 | 000,023,248 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/07 10:47:30 | 000,023,248 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/07/07 10:43:16 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/07/07 10:43:16 | 000,624,178 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/07/07 10:43:16 | 000,106,522 | ---- | M] ()
 hosts.ics -> C:\Windows\SysNative\drivers\etc\hosts.ics -> [2011/07/07 10:38:13 | 000,000,433 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/07 10:38:07 | 000,067,584 | --S- | M] ()
 WinMaximizer-Owner-Startup.job -> C:\Windows\tasks\WinMaximizer-Owner-Startup.job -> [2011/07/07 08:40:02 | 000,000,332 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/07/07 08:38:49 | 2210,582,528 | -HS- | M] ()
 deployJava1.dll -> C:\Windows\SysWow64\deployJava1.dll -> [2011/07/04 11:11:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2011/07/04 11:11:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2011/07/04 11:11:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2011/07/04 11:11:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 System Checkup.lnk -> C:\Users\Owner\Documents\System Checkup.lnk -> [2011/07/03 23:43:21 | 000,001,131 | ---- | M] ()
 iGoogle.url -> C:\Users\Owner\Desktop\iGoogle.url -> [2011/07/03 09:38:54 | 000,000,170 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/06/30 16:22:34 | 000,425,368 | ---- | M] ()
 Basics Portable - Shortcut.lnk -> C:\Users\Owner\Desktop\Basics Portable - Shortcut.lnk -> [2011/06/29 20:02:54 | 000,001,079 | ---- | M] ()
 klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011/06/24 12:12:44 | 000,152,233 | ---- | M] ()
 klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011/06/24 12:12:44 | 000,107,075 | ---- | M] ()
 Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011/06/23 16:04:55 | 000,001,979 | ---- | M] ()
 Speed up your PC - Explore Windows - Microsoft Windows.url -> C:\Users\Owner\Desktop\Speed up your PC - Explore Windows - Microsoft Windows.url -> [2011/06/23 14:02:09 | 000,000,220 | ---- | M] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/06/23 12:11:39 | 000,002,052 | ---- | M] ()
 C.A. Jones Management Group LLC.url -> C:\Users\Owner\Desktop\C.A. Jones Management Group LLC.url -> [2011/06/21 08:29:32 | 000,000,130 | ---- | M] ()
 Kapersky2customscripts.zip -> C:\Users\Owner\Documents\Kapersky2customscripts.zip -> [2011/06/20 19:39:56 | 000,000,142 | ---- | M] ()
 Kapersky2customscripts6-30-11 -> C:\Users\Owner\Documents\Kapersky2customscripts6-30-11 -> [2011/06/20 19:07:22 | 000,000,000 | ---- | M] ()
 Kapersky2customscripts -> C:\Users\Owner\Documents\Kapersky2customscripts -> [2011/06/20 19:07:22 | 000,000,000 | ---- | M] ()
 GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> C:\Users\Owner\Desktop\GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> [2011/06/20 18:57:43 | 000,114,624 | ---- | M] ()
 Capital One Online Banking  Accounts Summary.url -> C:\Users\Owner\Desktop\Capital One Online Banking  Accounts Summary.url -> [2011/06/20 10:12:07 | 000,000,184 | ---- | M] ()
 Vulnerability Scan.lnk -> C:\Users\Owner\Desktop\Vulnerability Scan.lnk -> [2011/06/18 08:08:25 | 000,001,976 | ---- | M] ()
 Full Scan.lnk -> C:\Users\Owner\Desktop\Full Scan.lnk -> [2011/06/18 08:08:20 | 000,001,968 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/06/17 14:19:30 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 microsoft.url -> C:\Users\Owner\Desktop\microsoft.url -> [2011/06/15 12:44:28 | 000,000,213 | ---- | M] ()
 GhostObjGAFix.xml -> C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml -> [2011/06/14 10:01:09 | 000,001,854 | ---- | M] ()
 deployJava1.dll -> C:\Windows\SysNative\deployJava1.dll -> [2011/06/13 15:07:21 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2011/06/13 15:07:21 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2011/06/13 15:07:21 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2011/06/13 15:07:21 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.)
 1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
 OTS.exe - Shortcut.lnk -> C:\Users\Owner\Desktop\OTS.exe - Shortcut.lnk -> [2011/07/07 14:16:26 | 000,001,053 | ---- | C] ()
 System Checkup.lnk -> C:\Users\Owner\Documents\System Checkup.lnk -> [2011/07/07 13:31:39 | 000,001,131 | ---- | C] ()
 104.1 WIKY.url -> C:\Users\Owner\Desktop\104.1 WIKY.url -> [2011/07/07 13:29:09 | 000,000,109 | ---- | C] ()
 Claimant Self Service Logon.url -> C:\Users\Owner\Desktop\Claimant Self Service Logon.url -> [2011/07/07 12:46:44 | 000,000,128 | ---- | C] ()
 WinMaximizer-Owner-Startup.job -> C:\Windows\tasks\WinMaximizer-Owner-Startup.job -> [2011/07/03 23:38:26 | 000,000,332 | ---- | C] ()
 iGoogle.url -> C:\Users\Owner\Desktop\iGoogle.url -> [2011/07/03 09:38:54 | 000,000,170 | ---- | C] ()
 Kapersky2customscripts6-30-11 -> C:\Users\Owner\Documents\Kapersky2customscripts6-30-11 -> [2011/06/30 17:57:28 | 000,000,000 | ---- | C] ()
 Basics Portable - Shortcut.lnk -> C:\Users\Owner\Desktop\Basics Portable - Shortcut.lnk -> [2011/06/29 20:02:54 | 000,001,079 | ---- | C] ()
 Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011/06/23 16:04:55 | 000,001,979 | ---- | C] ()
 Adobe Reader X.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> [2011/06/23 16:04:54 | 000,002,441 | ---- | C] ()
 Speed up your PC - Explore Windows - Microsoft Windows.url -> C:\Users\Owner\Desktop\Speed up your PC - Explore Windows - Microsoft Windows.url -> [2011/06/23 14:02:09 | 000,000,220 | ---- | C] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/06/23 12:11:39 | 000,002,052 | ---- | C] ()
 C.A. Jones Management Group LLC.url -> C:\Users\Owner\Desktop\C.A. Jones Management Group LLC.url -> [2011/06/21 08:29:32 | 000,000,130 | ---- | C] ()
 Kapersky2customscripts.zip -> C:\Users\Owner\Documents\Kapersky2customscripts.zip -> [2011/06/20 19:39:55 | 000,000,142 | ---- | C] ()
 Kapersky2customscripts -> C:\Users\Owner\Documents\Kapersky2customscripts -> [2011/06/20 19:37:39 | 000,000,000 | ---- | C] ()
 GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> C:\Users\Owner\Desktop\GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> [2011/06/20 18:56:51 | 000,114,624 | ---- | C] ()
 Capital One Online Banking  Accounts Summary.url -> C:\Users\Owner\Desktop\Capital One Online Banking  Accounts Summary.url -> [2011/06/20 10:12:07 | 000,000,184 | ---- | C] ()
 Vulnerability Scan.lnk -> C:\Users\Owner\Desktop\Vulnerability Scan.lnk -> [2011/06/18 08:08:25 | 000,001,976 | ---- | C] ()
 Full Scan.lnk -> C:\Users\Owner\Desktop\Full Scan.lnk -> [2011/06/18 08:08:20 | 000,001,968 | ---- | C] ()
 klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011/06/17 13:27:10 | 000,152,233 | ---- | C] ()
 klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011/06/17 13:27:10 | 000,107,075 | ---- | C] ()
 microsoft.url -> C:\Users\Owner\Desktop\microsoft.url -> [2011/06/15 12:44:28 | 000,000,213 | ---- | C] ()
 reimage.ini -> C:\Windows\reimage.ini -> [2011/06/02 18:17:53 | 000,000,286 | ---- | C] ()
 resmon.resmoncfg -> C:\Users\Owner\AppData\Local\resmon.resmoncfg -> [2011/05/25 11:06:39 | 000,000,017 | ---- | C] ()
 GhostObjGAFix.xml -> C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml -> [2011/03/28 08:21:18 | 000,001,854 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2010/11/20 03:49:18 | 000,000,000 | ---- | C] ()
 RStoneLog2.ini -> C:\Windows\SysWow64\RStoneLog2.ini -> [2010/11/20 03:40:34 | 000,000,268 | ---- | C] ()
 RStoneLog.ini -> C:\Windows\SysWow64\RStoneLog.ini -> [2010/11/20 03:40:34 | 000,000,209 | ---- | C] ()
 HPWA.ini -> C:\Windows\SysWow64\HPWA.ini -> [2010/07/14 12:32:50 | 000,000,188 | ---- | C] ()
 HP Documentation.ini -> C:\Windows\SysWow64\HP Documentation.ini -> [2010/07/14 11:30:39 | 000,000,186 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2010/06/15 22:28:54 | 000,002,857 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
 igkrng400.bin -> C:\Windows\SysWow64\igkrng400.bin -> [2009/07/13 16:59:36 | 001,498,564 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
```


----------



## Cookiegal (Aug 27, 2003)

I don't think it's the full report as it should say "< End of report >" at the end. Please repost and be sure to close the Code tags.


----------



## mmddevansville (May 30, 2011)

Here it is. Think it's right this time...good morning...


```
OTS logfile created on: 7/7/2011 2:25:17 PM - Run 3
OTS by OldTimer - Version 3.1.44.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.62 Gb Total Space | 232.34 Gb Free Space | 82.80% Space Free | Partition Type: NTFS
Drive D: | 17.17 Gb Total Space | 2.45 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-HP
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> [2011/07/07 14:15:26 | 000,645,120 | ---- | M] (OldTimer Tools)
flashutil10t_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -> [2011/06/17 14:19:30 | 000,240,288 | ---- | M] (Adobe Systems, Inc.)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
psia.exe -> C:\Program Files (x86)\Secunia\PSI\psia.exe -> [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia)
sua.exe -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia)
psi_tray.exe -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe -> [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia)
toolbarupdaterservice.exe -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -> [2011/03/24 04:59:34 | 000,199,904 | ---- | M] ()
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
hpmsgsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe -> [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwmisvc.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -> [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
 
[Modules - Safe List]
ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> [2011/07/07 14:15:26 | 000,645,120 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD)
64bit-(RtVOsdService)  [Auto | Running] -> C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -> [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(HP Wireless Assistant Service)  [Disabled | Stopped] -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -> [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company)
64bit-(AERTFilters)  [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
(Secunia PSI Agent) Secunia PSI Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\PSIA.exe -> [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia)
(Secunia Update Agent) Secunia Update Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia)
(Toolbar Updater Service) Toolbar Updater Service [Auto | Running] -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -> [2011/03/24 04:59:34 | 000,199,904 | ---- | M] ()
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company)
(HPWMISVC) HPWMISVC [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -> [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
(CinemaNow Service) CinemaNow Service [Disabled | Stopped] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            )
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2010/10/01 10:37:40 | 000,556,120 | ---- | M] (Kaspersky Lab)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\BCMWL664.SYS -> [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation)
64bit-(PSI) PSI [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia)
64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO)
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010/04/22 20:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab)
64bit-(amdsata) amdsata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell)
64bit-(netw5v64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netw5v64.sys -> [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
(dfg) dfg [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\dfg.sys -> [2008/12/11 18:26:10 | 000,023,552 | ---- | M] (defrag Development Team)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2011/05/26 20:06:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\] -> [2011/05/26 20:07:16 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]] -> [2011/06/17 14:11:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]] -> [2011/06/17 14:11:22 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/06/02 15:42:15 | 000,000,050 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1    localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 20:27:50 | 000,061,624 | ---- | M] (Kaspersky Lab ZAO)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 20:27:00 | 000,068,280 | ---- | M] (Kaspersky Lab ZAO)
{6E13D095-45C3-4271-9475-F3B48227DD9F} [HKLM] -> C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [StartNow Toolbar Helper] -> [2011/03/24 04:59:32 | 000,290,016 | ---- | M] (Zugo)
{74F475FA-6C75-43BD-AAB9-ECDA6184F600} [HKLM] -> C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll [Window Shopper] -> [2010/09/26 07:32:26 | 000,303,104 | ---- | M] (Superfish)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll [Bing Bar BHO] -> [2010/11/12 17:27:20 | 000,612,616 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}" [HKLM] -> C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [StartNow Toolbar] -> [2011/03/24 04:59:32 | 000,290,016 | ---- | M] (Zugo)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll [@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100] -> [2010/11/12 17:27:20 | 000,612,616 | ---- | M] (Microsoft Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HPWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden] -> [2010/06/18 18:26:18 | 000,008,192 | ---- | M] ()
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s] -> [2011/03/20 15:57:27 | 006,489,704 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"] -> [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
"HP Quick Launch" -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe] -> [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Skype" ->  ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [28] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}:{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} [HKLM] -> C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll [Button: Window Shopper] -> [2010/09/26 07:32:26 | 000,303,104 | ---- | M] (Superfish)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0971C9A0-5EF9-4006-B583-0534F8AF2AF6}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe FE Family Controller) -> 
{8A77247A-8A94-42E9-8DD7-4FB12D1D9AE6}\\DhcpNameServer -> 192.168.1.1   (Broadcom 4313 802.11b/g/n) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll ->  -> File not found
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll ->  -> File not found
*MultiFile Done* -> -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\KASPER~1\KASPER~3\mzvkbd3.dll -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll -> [2010/10/05 20:27:10 | 000,109,240 | ---- | M] (Kaspersky Lab ZAO)
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> C:\Windows\SysNative\klogon.dll -> [2010/10/05 20:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0436250A-5E8A-4CD8-84E9-C0F258A855D9} -> rport=1900 | profile=domain | protocol=17 | dir=out | action=allow | [email protected],-150 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{0F29A4FF-9D5E-4A92-9EAF-509DFFC80013} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{12C664A2-FB09-4655-B24C-E7855E6EFB94} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{13839D9A-FB7D-402C-A046-46B25511178A} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{2616FF4E-2660-4FB7-B589-6412965A92C9} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{3424376E-5B1A-4472-8793-2235EE388C98} -> rport=2869 | profile=domain | protocol=6 | dir=out | action=allow | [email protected],-152 | app=system | 
{35835AD4-1CAD-4AA1-BAD0-32D5537CCB5A} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{4EABA665-A618-4374-9D9C-A7AAC0E6D8FC} -> lport=67 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-144 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{51E09F63-E85A-49C6-92F3-2D1868757309} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{5490CF0D-5128-4C1F-9CEF-10AD4FEFB294} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{57499CDE-9501-471F-9982-331204EC7995} -> lport=547 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-142 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{67131FC1-CC20-4C8D-A44E-043EFB141800} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{6BA96735-0F34-4496-8914-4DB7129B461D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{6CE564EE-E7F7-4699-B04B-A68D3329E72D} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{6E0B9C59-FCC4-4364-A027-D9EF201A93C5} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{6F70D903-3A04-495D-B9FE-667BFAF311A9} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{7FD86F87-FA5B-4168-A053-AEFF8EF65B52} -> lport=68 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-145 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{8CA60E9A-4099-4218-9E5B-9E282A4F26E0} -> lport=1900 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-147 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{95A32AE8-A519-450B-9B72-B0CC9AF7366D} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{9D964924-7CB3-45E1-BAE0-D44008C2284B} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{A168E357-32CF-4705-A97F-947113ED4C5A} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{A879F345-3BE3-4B7E-AFBF-2E663FAD3394} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{C03FD88D-D243-4628-9DF9-38CEFAD11E7A} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{C3425495-D995-452C-8B9E-3462BA9B6F4E} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{C7C3A054-2908-48FE-945D-C71C7E76CE5E} -> lport=2869 | profile=domain | protocol=6 | dir=in | action=allow | [email protected],-146 | app=system | 
{C94172EA-2839-4AA8-B8BD-6D04F2CCC097} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{D14042DE-0B2F-4D05-81D6-A40C3C4A6869} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{EAC1B51E-1624-4B35-A7E0-496723C25AD0} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{F824F1FF-A720-4FD0-A7CC-341D86DBDC00} -> lport=53 | profile=domain | protocol=17 | dir=in | action=allow | [email protected],-143 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
{F8743194-347A-4120-A555-FA69A800A8D9} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{F8CF256D-3A5C-443A-96C5-70787BC719DF} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{10262EC5-A6E7-4A05-8569-3273D1874D0A} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{1A3D528A-30A3-4319-BF97-E9CBAC37CF3A} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{1F6EA44C-A95A-43C0-BC69-F66D8E28B0B7} -> profile=public | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{243AB7B7-87B3-41D0-84ED-13ABB87F654A} -> profile=public | protocol=17 | dir=in | action=allow | name=google chrome | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe | 
{39FC1912-B142-4323-9764-AC2F4B4C6839} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{46D68AA0-7E9E-4C66-B5AB-F0C46B90F087} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{5749CC31-D695-4A20-85AA-0E98F424BB8D} -> profile=public | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{5ACD4E8B-27FD-47BE-B35B-F597282ED87C} -> profile=public | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{5F2E203C-86E2-4DCF-9ECF-DB471DC2C921} -> profile=domain | protocol=58 | dir=in | action=allow | [email protected],-148 | 
{607B9267-F31A-40FE-9EFD-85D0E6A75AD5} -> profile=public | protocol=17 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{646B0565-563B-4F41-BD72-0914E71AA453} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{6B3ECC95-216F-4626-921C-A4961A2A2769} -> profile=public | protocol=6 | dir=in | action=allow | name=google chrome | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe | 
{8AA8DD53-FE5A-4ACA-AB97-63C15CADCB27} -> profile=public | protocol=6 | dir=out | action=allow | [email protected],-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{8D41A220-B250-457A-B3D5-544AC814AC6D} -> profile=public | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{941E5132-BE18-4120-BC27-AAB2C78552D4} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{A233F935-D9C7-4F18-AE1E-AB50AD01D40A} -> profile=domain | protocol=6 | dir=out | action=allow | [email protected],-149 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{A9181A34-EF91-4F43-BF79-031C620F0598} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{AA288E5D-70B7-45E8-A33C-2B45D4878A43} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
{BA02EF4D-E6A1-4F11-9055-95BE43CDDE92} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
{C43C7705-CD50-47D6-BB00-5C079FF823F1} -> profile=public | protocol=6 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{E7842C57-C18A-4E44-8405-1ADD9A919164} -> profile=domain | dir=out | action=allow | [email protected],-151 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"CinemaNow Service" -> -> 
"HP Wireless Assistant Service" -> -> 
"HPDrvMntSvc.exe" -> -> 
"hpqwmiex" -> -> 
"HPWMISVC" -> -> 
"RtVOsdService" -> -> 
< 64bit-Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"startup" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/27/2011 1:17:48 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x728  Faulting application start time: 0x01cc34ee19cc5df4  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 60cece66-a0e1-11e0-b015-cd1f3ad90a0d
Application [ Error ] 6/27/2011 1:17:53 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x74c  Faulting application start time: 0x01cc34ee1d35f6f8  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 63db91bf-a0e1-11e0-b015-cd1f3ad90a0d
Application [ Error ] 6/27/2011 1:17:53 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x764  Faulting application start time: 0x01cc34ee1d5c0cfc  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 6401a7c3-a0e1-11e0-b015-cd1f3ad90a0d
Application [ Error ] 6/27/2011 1:32:48 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x3bc  Faulting application start time: 0x01cc34f032256870  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 7990956d-a0e3-11e0-b384-b6e209bed50e
Application [ Error ] 6/27/2011 2:42:03 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x798  Faulting application start time: 0x01cc34f9de600bff  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 25cd9a5d-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:42:08 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x7bc  Faulting application start time: 0x01cc34f9e22d9ece  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 28d33995-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:13 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x300  Faulting application start time: 0x01cc34fa08c1cc17  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 4f75af1f-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:22 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x3fc  Faulting application start time: 0x01cc34fa0e7e7d1f  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 552417e6-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:34 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x4f0  Faulting application start time: 0x01cc34fa158d318d  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 5c32cc54-a0ed-11e0-b947-b3e936fbd20c
Application [ Error ] 6/27/2011 2:43:41 PM Computer Name = Owner-HP | Source = Application Error | ID = 1000 -> Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc  Faulting module name: chrome.dll, version: 12.0.742.100, time stamp: 0x4df67d88  Exception code: 0x80000003  Fault offset: 0x005a6fb2  Faulting process id: 0x24c  Faulting application start time: 0x01cc34fa19ee59ad  Faulting application path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe  Faulting module path: C:\Users\Owner\AppData\Local\Google\Chrome\Application\12.0.742.100\chrome.dll  Report Id: 609655d4-a0ed-11e0-b947-b3e936fbd20c
Hewlett-Packard [ Error ] 4/8/2011 9:57:28 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 4/8/2011 9:57:32 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041108085729.xml File not created by asset agent
Hewlett-Packard [ Error ] 5/2/2011 7:57:49 PM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 5/2/2011 7:58:04 PM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051102065801.xml File not created by asset agent
Hewlett-Packard [ Error ] 6/2/2011 3:09:46 PM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061102020942.xml File not created by asset agent
Hewlett-Packard [ Error ] 6/14/2011 10:59:45 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 6/14/2011 10:59:47 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 6/14/2011 10:59:47 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = en-US Object reference not set to an instance of an object. Configurator    at Configurator.ConfiguratorClass.loadXML()     at Configurator.ConfiguratorClass..ctor(Boolean loadxml)     at HPSFConfigReader.ConfigHelper..ctor()     at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) 
Hewlett-Packard [ Error ] 6/14/2011 11:00:39 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061114100007.xml File not created by asset agent
Hewlett-Packard [ Error ] 6/14/2011 11:01:11 AM Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0 -> Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061114100039.xml File not created by asset agent
HP Wireless Assistant [ Error ] 6/20/2011 7:59:16 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/20/2011 7:59:23 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
HP Wireless Assistant [ Error ] 6/21/2011 8:59:58 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 9:00:00 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
HP Wireless Assistant [ Error ] 6/21/2011 9:00:52 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 9:00:52 AM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
HP Wireless Assistant [ Error ] 6/21/2011 12:57:09 PM Computer Name = Owner-HP | Source = HP WA Mobility Center Tile Link | ID = 0 -> Description = HardwareAccess.UnableToConnectException App.ApplicationStartup; a problem was encountered while starting the app and needs to terminate Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_MobilityCenterTileLink.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 12:57:09 PM Computer Name = Owner-HP | Source = HP WA Mobility Center Tile Link | ID = 0 -> Description = System.NullReferenceException App.UpdateTileData; an unexpected error occured however the application will continue running Object reference not set to an instance of an object.    at HPWA_MobilityCenterTileLink.App.UpdateTileData(Boolean error)
HP Wireless Assistant [ Error ] 6/21/2011 12:57:35 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)
HP Wireless Assistant [ Error ] 6/21/2011 12:57:36 PM Computer Name = Owner-HP | Source = HP WA Application | ID = 0 -> Description = MainWindow.ShowImpl; not initialized, closing application...
Media Center [ Error ] 6/6/2011 8:40:47 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 7:40:46 AM - Error connecting to the internet.  7:40:47 AM -     Unable to contact server..  
Media Center [ Error ] 6/9/2011 10:19:21 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 9:19:21 AM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:20:34 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:20:34 AM - Failed to retrieve Directory (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:29 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:17 AM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:40 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:40 AM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:40 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:40 AM - Failed to retrieve SportsSchedule (Error: The request was aborted: Could not create SSL/TLS secure channel.)  
Media Center [ Error ] 6/9/2011 11:21:40 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:21:40 AM - Failed to retrieve SportsV2 (Error: The request was aborted: Could not create SSL/TLS secure channel.)  
Media Center [ Error ] 6/16/2011 7:03:16 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 6:03:01 AM - Error connecting to the internet.  6:03:01 AM -     Unable to contact server..  
Media Center [ Error ] 6/17/2011 11:35:13 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 10:35:07 AM - Error connecting to the internet.  10:35:07 AM -     Unable to contact server..  
Media Center [ Error ] 6/26/2011 9:34:09 AM Computer Name = Owner-HP | Source = MCUpdate | ID = 0 -> Description = 8:34:01 AM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)  
System [ Error ] 5/19/2011 10:27:55 AM Computer Name = Owner-HP | Source = DCOM | ID = 10016 -> Description = 
System [ Error ] 5/19/2011 11:52:10 AM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 10:46:44 AM on 5/19/2011 was unexpected.
System [ Error ] 5/19/2011 11:58:52 AM Computer Name = Owner-HP | Source = Service Control Manager | ID = 7022 -> Description = The Windows Update service hung on starting.
System [ Error ] 5/20/2011 12:24:31 PM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 11:20:23 AM on 5/20/2011 was unexpected.
System [ Error ] 5/20/2011 4:27:43 PM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 3:18:17 PM on 5/20/2011 was unexpected.
System [ Error ] 5/22/2011 8:52:15 AM Computer Name = Owner-HP | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 5/23/2011 9:34:28 AM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 8:27:40 AM on 5/23/2011 was unexpected.
System [ Error ] 5/23/2011 10:51:03 AM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 9:49:36 AM on 5/23/2011 was unexpected.
System [ Error ] 5/23/2011 4:05:51 PM Computer Name = Owner-HP | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 2:51:08 PM on 5/23/2011 was unexpected.
System [ Error ] 5/23/2011 4:14:31 PM Computer Name = Owner-HP | Source = DCOM | ID = 10010 -> Description = 
 
[Files/Folders - Created Within 30 Days]
 New folder -> C:\Users\Owner\Desktop\New folder -> [2011/07/07 14:12:37 | 000,000,000 | ---D | C]
 Microsoft Easy Assist -> C:\Program Files (x86)\Microsoft Easy Assist -> [2011/07/07 12:05:59 | 000,000,000 | ---D | C]
 Applications -> C:\ProgramData\Applications -> [2011/07/07 12:05:13 | 000,000,000 | ---D | C]
 Java -> C:\Program Files (x86)\Common Files\Java -> [2011/07/04 11:12:54 | 000,000,000 | ---D | C]
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2011/07/04 11:11:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2011/07/04 11:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2011/07/04 11:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 {E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> [2011/07/04 09:07:47 | 000,000,000 | ---D | C]
 iolo -> C:\Users\Owner\AppData\Roaming\iolo -> [2011/07/03 23:43:15 | 000,000,000 | ---D | C]
 iolo -> C:\ProgramData\iolo -> [2011/07/03 23:43:15 | 000,000,000 | ---D | C]
 iolo -> C:\Program Files (x86)\iolo -> [2011/07/03 23:43:15 | 000,000,000 | ---D | C]
 WinMaximizer -> C:\ProgramData\WinMaximizer -> [2011/07/03 23:38:22 | 000,000,000 | ---D | C]
 Virus Removal Tool -> C:\Users\Owner\Desktop\Virus Removal Tool -> [2011/06/30 12:07:20 | 000,000,000 | ---D | C]
 MSXML 4.0 -> C:\Program Files (x86)\MSXML 4.0 -> [2011/06/30 10:31:15 | 000,000,000 | ---D | C]
 drvinst.exe -> C:\Windows\SysWow64\drvinst.exe -> [2011/06/30 09:39:17 | 000,252,928 | ---- | C] (Microsoft Corporation)
 devrtl.dll -> C:\Windows\SysWow64\devrtl.dll -> [2011/06/30 09:39:17 | 000,044,544 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysNative\tquery.dll -> [2011/06/30 09:39:14 | 002,315,776 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysNative\mssrch.dll -> [2011/06/30 09:39:14 | 002,223,616 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysWow64\mssrch.dll -> [2011/06/30 09:39:14 | 001,401,344 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysWow64\tquery.dll -> [2011/06/30 09:39:13 | 001,549,312 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysNative\mssvp.dll -> [2011/06/30 09:39:13 | 000,778,752 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysNative\mssph.dll -> [2011/06/30 09:39:13 | 000,491,520 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysWow64\mssph.dll -> [2011/06/30 09:39:13 | 000,337,408 | ---- | C] (Microsoft Corporation)
 SearchProtocolHost.exe -> C:\Windows\SysNative\SearchProtocolHost.exe -> [2011/06/30 09:39:13 | 000,249,856 | ---- | C] (Microsoft Corporation)
 SearchFilterHost.exe -> C:\Windows\SysNative\SearchFilterHost.exe -> [2011/06/30 09:39:13 | 000,113,664 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysWow64\mssvp.dll -> [2011/06/30 09:39:12 | 000,666,624 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysNative\mssphtb.dll -> [2011/06/30 09:39:12 | 000,288,256 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysWow64\mssphtb.dll -> [2011/06/30 09:39:12 | 000,197,120 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysNative\msscntrs.dll -> [2011/06/30 09:39:12 | 000,075,264 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysWow64\msscntrs.dll -> [2011/06/30 09:39:12 | 000,059,392 | ---- | C] (Microsoft Corporation)
 pss -> C:\Windows\pss -> [2011/06/27 10:54:47 | 000,000,000 | ---D | C]
 RegCure -> C:\ProgramData\RegCure -> [2011/06/27 10:20:42 | 000,000,000 | ---D | C]
 RegCure -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure -> [2011/06/27 10:20:42 | 000,000,000 | ---D | C]
 RegCure -> C:\Program Files (x86)\RegCure -> [2011/06/27 10:20:41 | 000,000,000 | ---D | C]
 Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2011/06/23 16:04:40 | 000,000,000 | ---D | C]
 My Google Gadgets -> C:\Users\Owner\Documents\My Google Gadgets -> [2011/06/23 14:37:37 | 000,000,000 | ---D | C]
 New folder (2) -> C:\Users\Owner\Documents\New folder (2) -> [2011/06/22 19:18:41 | 000,000,000 | ---D | C]
 New folder -> C:\Users\Owner\Documents\New folder -> [2011/06/22 19:18:11 | 000,000,000 | ---D | C]
 Kaspersky Anti-Virus 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011 -> [2011/06/17 13:30:25 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/17 13:25:34 | 000,000,000 | ---D | C]
 Kaspersky Lab Setup Files -> C:\ProgramData\Kaspersky Lab Setup Files -> [2011/06/17 13:23:47 | 000,000,000 | ---D | C]
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2011/06/17 12:32:51 | 000,096,256 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/06/17 12:32:51 | 000,072,704 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2011/06/17 12:32:50 | 000,176,640 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2011/06/17 12:32:49 | 002,303,488 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysWow64\jscript9.dll -> [2011/06/17 12:32:49 | 001,797,632 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2011/06/17 12:32:49 | 000,248,320 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2011/06/17 12:32:48 | 000,818,176 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/06/17 12:32:48 | 000,716,800 | ---- | C] (Microsoft Corporation)
 oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2011/06/17 12:24:11 | 000,861,696 | ---- | C] (Microsoft Corporation)
 Kaspersky Lab ZAO -> C:\ProgramData\Kaspersky Lab ZAO -> [2011/06/16 08:03:17 | 000,000,000 | ---D | C]
 Last.fm -> C:\ProgramData\Last.fm -> [2011/06/15 10:43:25 | 000,000,000 | ---D | C]
 Last.fm -> C:\Users\Owner\AppData\Local\Last.fm -> [2011/06/15 10:41:53 | 000,000,000 | ---D | C]
 Last.fm -> C:\Program Files (x86)\Last.fm -> [2011/06/15 10:41:36 | 000,000,000 | ---D | C]
 cookie -> C:\Users\Owner\cookie -> [2011/06/14 21:26:36 | 000,000,000 | ---D | C]
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/14 12:24:26 | 000,060,416 | ---- | C] (NirSoft)
 Uniblue -> C:\Users\Owner\AppData\Roaming\Uniblue -> [2011/06/14 11:08:37 | 000,000,000 | ---D | C]
 {AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} -> C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} -> [2011/06/14 11:08:34 | 000,000,000 | -H-D | C]
 Uniblue -> C:\Program Files (x86)\Uniblue -> [2011/06/14 11:08:34 | 000,000,000 | ---D | C]
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2011/06/13 15:07:34 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2011/06/13 15:07:34 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2011/06/13 15:07:34 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.)
 DriverPerformer -> C:\Users\Owner\Documents\DriverPerformer -> [2011/06/13 13:00:48 | 000,000,000 | ---D | C]
 Superfish -> C:\Program Files (x86)\Superfish -> [2011/06/13 12:58:54 | 000,000,000 | ---D | C]
 StartNow Toolbar -> C:\Program Files (x86)\StartNow Toolbar -> [2011/06/13 12:58:35 | 000,000,000 | ---D | C]
 RegZooka -> C:\Program Files (x86)\RegZooka -> [2011/06/11 12:21:26 | 000,000,000 | ---D | C]
 Passwords Database -> C:\Users\Owner\Documents\Passwords Database -> [2011/06/10 18:27:10 | 000,000,000 | --SD | C]
 ConsumerSoft -> C:\Users\Owner\AppData\Roaming\ConsumerSoft -> [2011/06/10 18:00:17 | 000,000,000 | ---D | C]
 ConsumerSoft -> C:\Program Files (x86)\ConsumerSoft -> [2011/06/10 18:00:05 | 000,000,000 | ---D | C]
 My Widgets -> C:\Users\Owner\Documents\My Widgets -> [2011/06/09 12:16:15 | 000,000,000 | ---D | C]
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe - Shortcut (2).lnk -> C:\Users\Owner\Desktop\OTS.exe - Shortcut (2).lnk -> [2011/07/07 14:39:08 | 000,003,290 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Owner\Desktop\OTS.exe - Shortcut.lnk -> [2011/07/07 14:16:26 | 000,001,053 | ---- | M] ()
 104.1 WIKY.url -> C:\Users\Owner\Desktop\104.1 WIKY.url -> [2011/07/07 13:29:09 | 000,000,109 | ---- | M] ()
 Claimant Self Service Logon.url -> C:\Users\Owner\Desktop\Claimant Self Service Logon.url -> [2011/07/07 12:46:44 | 000,000,128 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/07 10:47:30 | 000,023,248 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/07 10:47:30 | 000,023,248 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/07/07 10:43:16 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/07/07 10:43:16 | 000,624,178 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/07/07 10:43:16 | 000,106,522 | ---- | M] ()
 hosts.ics -> C:\Windows\SysNative\drivers\etc\hosts.ics -> [2011/07/07 10:38:13 | 000,000,433 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/07 10:38:07 | 000,067,584 | --S- | M] ()
 WinMaximizer-Owner-Startup.job -> C:\Windows\tasks\WinMaximizer-Owner-Startup.job -> [2011/07/07 08:40:02 | 000,000,332 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/07/07 08:38:49 | 2210,582,528 | -HS- | M] ()
 deployJava1.dll -> C:\Windows\SysWow64\deployJava1.dll -> [2011/07/04 11:11:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2011/07/04 11:11:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2011/07/04 11:11:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2011/07/04 11:11:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 System Checkup.lnk -> C:\Users\Owner\Documents\System Checkup.lnk -> [2011/07/03 23:43:21 | 000,001,131 | ---- | M] ()
 iGoogle.url -> C:\Users\Owner\Desktop\iGoogle.url -> [2011/07/03 09:38:54 | 000,000,170 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/06/30 16:22:34 | 000,425,368 | ---- | M] ()
 Basics Portable - Shortcut.lnk -> C:\Users\Owner\Desktop\Basics Portable - Shortcut.lnk -> [2011/06/29 20:02:54 | 000,001,079 | ---- | M] ()
 klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011/06/24 12:12:44 | 000,152,233 | ---- | M] ()
 klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011/06/24 12:12:44 | 000,107,075 | ---- | M] ()
 Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011/06/23 16:04:55 | 000,001,979 | ---- | M] ()
 Speed up your PC - Explore Windows - Microsoft Windows.url -> C:\Users\Owner\Desktop\Speed up your PC - Explore Windows - Microsoft Windows.url -> [2011/06/23 14:02:09 | 000,000,220 | ---- | M] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/06/23 12:11:39 | 000,002,052 | ---- | M] ()
 C.A. Jones Management Group LLC.url -> C:\Users\Owner\Desktop\C.A. Jones Management Group LLC.url -> [2011/06/21 08:29:32 | 000,000,130 | ---- | M] ()
 Kapersky2customscripts.zip -> C:\Users\Owner\Documents\Kapersky2customscripts.zip -> [2011/06/20 19:39:56 | 000,000,142 | ---- | M] ()
 Kapersky2customscripts6-30-11 -> C:\Users\Owner\Documents\Kapersky2customscripts6-30-11 -> [2011/06/20 19:07:22 | 000,000,000 | ---- | M] ()
 Kapersky2customscripts -> C:\Users\Owner\Documents\Kapersky2customscripts -> [2011/06/20 19:07:22 | 000,000,000 | ---- | M] ()
 GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> C:\Users\Owner\Desktop\GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> [2011/06/20 18:57:43 | 000,114,624 | ---- | M] ()
 Capital One Online Banking  Accounts Summary.url -> C:\Users\Owner\Desktop\Capital One Online Banking  Accounts Summary.url -> [2011/06/20 10:12:07 | 000,000,184 | ---- | M] ()
 Vulnerability Scan.lnk -> C:\Users\Owner\Desktop\Vulnerability Scan.lnk -> [2011/06/18 08:08:25 | 000,001,976 | ---- | M] ()
 Full Scan.lnk -> C:\Users\Owner\Desktop\Full Scan.lnk -> [2011/06/18 08:08:20 | 000,001,968 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/06/17 14:19:30 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 microsoft.url -> C:\Users\Owner\Desktop\microsoft.url -> [2011/06/15 12:44:28 | 000,000,213 | ---- | M] ()
 GhostObjGAFix.xml -> C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml -> [2011/06/14 10:01:09 | 000,001,854 | ---- | M] ()
 deployJava1.dll -> C:\Windows\SysNative\deployJava1.dll -> [2011/06/13 15:07:21 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2011/06/13 15:07:21 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2011/06/13 15:07:21 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2011/06/13 15:07:21 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.)
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files - No Company Name]
 OTS.exe - Shortcut.lnk -> C:\Users\Owner\Desktop\OTS.exe - Shortcut.lnk -> [2011/07/07 14:16:26 | 000,001,053 | ---- | C] ()
 System Checkup.lnk -> C:\Users\Owner\Documents\System Checkup.lnk -> [2011/07/07 13:31:39 | 000,001,131 | ---- | C] ()
 104.1 WIKY.url -> C:\Users\Owner\Desktop\104.1 WIKY.url -> [2011/07/07 13:29:09 | 000,000,109 | ---- | C] ()
 Claimant Self Service Logon.url -> C:\Users\Owner\Desktop\Claimant Self Service Logon.url -> [2011/07/07 12:46:44 | 000,000,128 | ---- | C] ()
 WinMaximizer-Owner-Startup.job -> C:\Windows\tasks\WinMaximizer-Owner-Startup.job -> [2011/07/03 23:38:26 | 000,000,332 | ---- | C] ()
 iGoogle.url -> C:\Users\Owner\Desktop\iGoogle.url -> [2011/07/03 09:38:54 | 000,000,170 | ---- | C] ()
 Kapersky2customscripts6-30-11 -> C:\Users\Owner\Documents\Kapersky2customscripts6-30-11 -> [2011/06/30 17:57:28 | 000,000,000 | ---- | C] ()
 Basics Portable - Shortcut.lnk -> C:\Users\Owner\Desktop\Basics Portable - Shortcut.lnk -> [2011/06/29 20:02:54 | 000,001,079 | ---- | C] ()
 Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011/06/23 16:04:55 | 000,001,979 | ---- | C] ()
 Adobe Reader X.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> [2011/06/23 16:04:54 | 000,002,441 | ---- | C] ()
 Speed up your PC - Explore Windows - Microsoft Windows.url -> C:\Users\Owner\Desktop\Speed up your PC - Explore Windows - Microsoft Windows.url -> [2011/06/23 14:02:09 | 000,000,220 | ---- | C] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/06/23 12:11:39 | 000,002,052 | ---- | C] ()
 C.A. Jones Management Group LLC.url -> C:\Users\Owner\Desktop\C.A. Jones Management Group LLC.url -> [2011/06/21 08:29:32 | 000,000,130 | ---- | C] ()
 Kapersky2customscripts.zip -> C:\Users\Owner\Documents\Kapersky2customscripts.zip -> [2011/06/20 19:39:55 | 000,000,142 | ---- | C] ()
 Kapersky2customscripts -> C:\Users\Owner\Documents\Kapersky2customscripts -> [2011/06/20 19:37:39 | 000,000,000 | ---- | C] ()
 GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> C:\Users\Owner\Desktop\GetSystemInfo_OWNER-HP_Owner_2011_06_20_18_56_28.zip -> [2011/06/20 18:56:51 | 000,114,624 | ---- | C] ()
 Capital One Online Banking  Accounts Summary.url -> C:\Users\Owner\Desktop\Capital One Online Banking  Accounts Summary.url -> [2011/06/20 10:12:07 | 000,000,184 | ---- | C] ()
 Vulnerability Scan.lnk -> C:\Users\Owner\Desktop\Vulnerability Scan.lnk -> [2011/06/18 08:08:25 | 000,001,976 | ---- | C] ()
 Full Scan.lnk -> C:\Users\Owner\Desktop\Full Scan.lnk -> [2011/06/18 08:08:20 | 000,001,968 | ---- | C] ()
 klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011/06/17 13:27:10 | 000,152,233 | ---- | C] ()
 klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011/06/17 13:27:10 | 000,107,075 | ---- | C] ()
 microsoft.url -> C:\Users\Owner\Desktop\microsoft.url -> [2011/06/15 12:44:28 | 000,000,213 | ---- | C] ()
 reimage.ini -> C:\Windows\reimage.ini -> [2011/06/02 18:17:53 | 000,000,286 | ---- | C] ()
 resmon.resmoncfg -> C:\Users\Owner\AppData\Local\resmon.resmoncfg -> [2011/05/25 11:06:39 | 000,000,017 | ---- | C] ()
 GhostObjGAFix.xml -> C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml -> [2011/03/28 08:21:18 | 000,001,854 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2010/11/20 03:49:18 | 000,000,000 | ---- | C] ()
 RStoneLog2.ini -> C:\Windows\SysWow64\RStoneLog2.ini -> [2010/11/20 03:40:34 | 000,000,268 | ---- | C] ()
 RStoneLog.ini -> C:\Windows\SysWow64\RStoneLog.ini -> [2010/11/20 03:40:34 | 000,000,209 | ---- | C] ()
 HPWA.ini -> C:\Windows\SysWow64\HPWA.ini -> [2010/07/14 12:32:50 | 000,000,188 | ---- | C] ()
 HP Documentation.ini -> C:\Windows\SysWow64\HP Documentation.ini -> [2010/07/14 11:30:39 | 000,000,186 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2010/06/15 22:28:54 | 000,002,857 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
 igkrng400.bin -> C:\Windows\SysWow64\igkrng400.bin -> [2009/07/13 16:59:36 | 001,498,564 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
< End of report >
```


----------



## Cookiegal (Aug 27, 2003)

You seem to have installed several registry cleaners and optimizer programs since we started working together. Please don't install such programs, as a properly maintained system doesn't need them and they could cause more harm than good.

Please uninstall the following:

RegCure
RegZooka
StartNow Toolbar 2.0
UniBlue
WinMaximizer

Then reboot the computer to ensure complete uninstallation.

Then do the following:

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with two new HijackThis logs please (the regular scan and a new uninstall list).

```
[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> toolbarupdaterservice.exe -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
[Win32 Services - Safe List]
YY -> (Toolbar Updater Service) Toolbar Updater Service [Auto | Running] -> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {6E13D095-45C3-4271-9475-F3B48227DD9F} [HKLM] -> C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [StartNow Toolbar Helper]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{5911488E-9D1E-40ec-8CBB-06B231CC153F}" [HKLM] -> C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll [StartNow Toolbar]
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll -> 
YN -> C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
[Files/Folders - Created Within 30 Days]
NY ->  RegCure -> C:\ProgramData\RegCure
NY ->  RegCure -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
NY ->  RegCure -> C:\Program Files (x86)\RegCure
NY ->  StartNow Toolbar -> C:\Program Files (x86)\StartNow Toolbar
NY ->  RegZooka -> C:\Program Files (x86)\RegZooka
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files - No Company Name]
NY ->  WinMaximizer-Owner-Startup.job -> C:\Windows\tasks\WinMaximizer-Owner-Startup.job
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```


----------



## mmddevansville (May 30, 2011)

All Processes Killed
[Processes - Safe List]
No active process named toolbarupdaterservice.exe was found!
File C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe not found.
[Win32 Services - Safe List]
Error: No service named Toolbar Updater Service was found to stop!
Service\Driver key Toolbar Updater Service not found.
File C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe not found.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ not found.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll not found.
[Files/Folders - Created Within 30 Days]
C:\ProgramData\RegCure folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure folder moved successfully.
C:\Program Files (x86)\RegCure\Logs folder moved successfully.
C:\Program Files (x86)\RegCure folder moved successfully.
File C:\Program Files (x86)\StartNow Toolbar not found!
C:\Program Files (x86)\RegZooka\Logs folder moved successfully.
C:\Program Files (x86)\RegZooka folder moved successfully.
C:\kleaner.tmp\kln3BE8.tmp deleted successfully.
C:\kleaner.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 Days]
[Files - No Company Name]
C:\Windows\tasks\WinMaximizer-Owner-Startup.job moved successfully.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: michael
->Temp folder emptied: 37880 bytes
->Temporary Internet Files folder emptied: 1948893 bytes
->Flash cache emptied: 42076 bytes

User: Owner
->Temp folder emptied: 49219987 bytes
->Temporary Internet Files folder emptied: 1167702338 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 207342806 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1183 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64046550 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 20051766 bytes

Total Files Cleaned = 1,440.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: michael
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07082011_112422
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12G91JPP\999854-adobe-unexpected-things-15[1].htm moved successfully.
This is the run fix file

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\klsC77.tmp not found!
Registry entries deleted on Reboot...


----------



## mmddevansville (May 30, 2011)

I think I was supposed to do this first and misunderstood...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:21 AM, on 7/8/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Users\Owner\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~3\mzvkbd3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10368 bytes


----------



## mmddevansville (May 30, 2011)

ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
AMD USB Filter Driver
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Catalyst Control Center - Branding
CinemaNow Media Manager
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink MediaShow
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink YouCam
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Energy Star Digital Logo
ESU for Microsoft Windows 7
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
InstallIQ Updater
Java(TM) 6 Update 26
Junk Mail filter update
Kaspersky Anti-Virus 2011
Kaspersky Anti-Virus 2011
LabelPrint
LabelPrint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP3 Parser
Multiply AutoUploader
Multiply AutoUploader
NetAssistant
PhotoNow!
PhotoNow!
Power2Go
Power2Go
PowerDirector
PowerDirector
Radio365 2.1
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Secunia CSI (4.1.0.2007)
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2494150)
Window Shopper
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Uninstall List I found it...thank goodness


----------



## Cookiegal (Aug 27, 2003)

Very good. 

Weren't you supposed to uninstall Kaspersky Anti-Virus and keep Kaspersky Internet Security?


----------



## mmddevansville (May 30, 2011)

Thank you...couldn't have done it without your instructions, I kept anti-virus since its the one that was on here when I got the computer March 5th...I don't know how much time until I go to the errand I have to do, but I am still here.


----------



## Cookiegal (Aug 27, 2003)

Adobe Reader is showing as installed now so everything looks fine.

What problems remain, if any?


----------



## mmddevansville (May 30, 2011)

None that I am aware of thank goodness....You have really done so much I appreciate this more than I can say, and you know I wouldn't be using this thing by now if someone had not helped me, and took the time to be patient. diane What do i do with all of the files we have made that are here? Keep them or well whatever you say to do with them I will.


----------



## Cookiegal (Aug 27, 2003)

You're welcome. 

You can uninstall the following by dragging them to the Recycle Bin:

HijackThis 
OTS
DDS

Here are some final instructions for you.

*Follow these steps to uninstall ComboFix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the run box and click *OK*. Note the *space* between the *x* and the *u*, it needs to be there. The screenshot says "ComboFix /u" but this has been changed so please type the command as indicated above.









Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

Follow the instructions in the link below to turn off system protection. This will delete all existing system restore points to flush them out. Then be sure to turn it back on again:

http://www.sevenforums.com/tutorials/330-system-protection-turn-off.html

Then follow the instructions in the link below to create a new restore point:

http://www.sevenforums.com/tutorials/697-system-restore-point-create.html


----------



## mmddevansville (May 30, 2011)

Good Morning Cookie, I am having no success with getting combofix to appear so I can get it off here. I tried off and on since I got your instructions. thanks, diane


----------



## Cookiegal (Aug 27, 2003)

What do you mean by "getting it to appear"? Did you enter the command?


----------



## mmddevansville (May 30, 2011)

Yes and I have searched through everything to find it documents, downloads...I just meant combofix is not found when I enter the command. I will keep trying. Cookie... Under Qoobox Combofix 2 and Combofix Quarantined files; I found combofix file under local documents and have it ready to paste, but no combofix / u to uninstall yet. These are June 14 and June 15 that you had me do when we were working on all of it. I will keep trying to find the combofix to be uninstalled. diane


----------



## Cookiegal (Aug 27, 2003)

You're not running the proper command, it should be *ComboFix /uninstall* (not ComboFix /u).


----------



## mmddevansville (May 30, 2011)

The only command that comes up when I type this in the run bar is combofix.txt


----------



## Cookiegal (Aug 27, 2003)

Exactly what is the command you are typing please?


----------



## mmddevansville (May 30, 2011)

Combofix /uninstall I wish I could find it anywhere in the computer...



Thursday 7-14-
Good Morning, I am still trying to find the Combofix to uninstall .....I just tried to open documents using acrobat reader as the computer asked and it took me offline until I closed the place on my toolbar with windows symbol with permission to open etc....I am really baffled by this but am hoping its nothing....Hope you are having a good day so far. diane


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Combofix /uninstall I wish I could find it anywhere in the computer...
> 
> Thursday 7-14-
> Good Morning, I am still trying to find the Combofix to uninstall .....*I just tried to open documents using acrobat reader as the computer asked and it took me offline until I closed the place on my toolbar with windows symbol with permission to open etc.*...I am really baffled by this but am hoping its nothing....Hope you are having a good day so far. diane


I don't understand the bolded part.

Are these pdf documents?

Can you post a screenshot of what you're seeing?

As for ComboFix, you were running it from the Temporary Internet Files so it's probably been deleted by now.

You can delete this folder if it still exists:

C:\*Qoobox*.


----------



## mmddevansville (May 30, 2011)

The bold type is where I edited the message I wrote yesterday to tell you what is going on, I was going through the documents and tried to open one of them, don't remember which, anyway it asked to use Acrobat Reader, when I clicked ok, well, there it went right into safe mode like it did, I guess it was a couple of weeks ago, remember when I thought the computer was torn up because it wouldn't start up normally? I know exactly where Q..... is and I am going to delete it asap .....Anything else....you need me to do I will, and I will edit onto this message to save room like you asked me to once. I am glad you are sure combofix/uninstall must be gone, I have looked all over this laptop for it. thank you again Cookie....diane




Adding to today's post here.....
Everything in Qoobox deleted except for a folder named BackEnv which needs permissions, I will figure it out surely...




Reply to post below...No cookie it doesn't even re-boot, it just goes directly into it and if I can check out of everything I might have going at the time, then it comes back to normal mode...the first time it stayed there 4 or 5 days because I didn't know to go into internet options and reset everything....the man at insight on the phone told me what to do to fix it, but I still hate to say it I am afraid its some kind of malfunction....I will do this but if I can't get back to you you'll know I am in a fix here!! diane



I am trying to find on the iGoogle options where to check to go offline, I am sure I am just missing it, Also Shouldn't active X be checked in the tools options??? I just don't know how that could have happened to get unchecked unless I did it....I will shut computer off re-boot it in safe mode to get this Backenv off. diane


****** Cookie, 
I didn't fully answer your question about this safe mode problem.... yes it did re-boot in safe mode when I re-booted trying to get it back to normal, all it would do was boot-up into safe and would not go back....no matter what I tried.
But that hasn't happened in about two weeks, and it has also done the other that I described above, just today..and one or two other times, since the episode where it stayed in safe mode for a few days before I found out about reset. I hope this isn't too confusing the way I explained it. diane


----------



## Cookiegal (Aug 27, 2003)

When you say it takes you to safe mode do you mean the computer reboots to safe mode?

Try deleting the BackEnv folder in safe mode.


----------



## mmddevansville (May 30, 2011)

Adobe reader is definitely the problem, when I went to find information on a medicine web-site, musinex..adobe asked permission to do something, I clicked yes then it immediately took my pc into off-line mode...I was able to check out of there and get back to on-line mode...it is so weird...I will be gone for a while, please help me get this straightened out so I can use the computer and printer ok? I will be back later for instructions.....


----------



## Cookiegal (Aug 27, 2003)

Please give me the exact message you got from Adobe asking permission "to do something" as that is too vague. And which page of the site were you on?


----------



## mmddevansville (May 30, 2011)

I was at My Computer Local Disc C and working on trying to change permissions for the Qoobox and BackEnv one more time this morning....Then whenever I read your post I tried at the Freeze.com inbox.com which are all under freeze.com, when I tried opening this, the message at the new window on my screen said that Windows could not display the web-page.


----------



## Cookiegal (Aug 27, 2003)

I'm afraid you've lost me. I have no idea what this all has to do with Freeze.com or Adobe Reader.


----------



## mmddevansville (May 30, 2011)

That is when the computer has switched from normal to the safe mode or whatever its called. It goes right off into the other way of viewing everything on the screen, mainly I notice that the screen is magnified about 5x as big in type and all ....I don't understand it at all either. Good news... I did get the printer fully installed today which I am really glad of. thanks for helping me and I will be back on Monday, hopefully!


----------



## Cookiegal (Aug 27, 2003)

But does it reboot and then start that way (in safe mode) or does the display just suddenly change for larger icons, etc.?


----------



## mmddevansville (May 30, 2011)

It does it suddenly, just like if we clicked on it to make it load up.


----------



## Cookiegal (Aug 27, 2003)

This happens when you try to open Adobe from the icon on your desktop?

It makes the machine reboot?

Please answer the specific questions.


----------



## mmddevansville (May 30, 2011)

No, when I am at a site where Adobe asks if I want to use the program to view the item from a page I am on.
I have to try and get it out of the safe mode by exiting the page, until it goes back into the normal view....But the time it stayed there for 4 days I had to reset in Internet explorer options like they told me to on the phone..that was a technical support person from our cable/internet company, who wanted to be sure I didn't go where I got the computer and have to spend a lot to fix it. When I was in safe mode or whatever for a few days I kept re booting trying to see if the machine would go back into normal start up and work the way it had before. I don't have adobe icon on the desktop though, its just in my programs list.
I hope I have explained this so you'll know what happens.


----------



## Cookiegal (Aug 27, 2003)

Please go to a site where this will happen and copy or type the entire message Adobe gives you exactly as you see it (upload a screenshot of the page showing the web page as well).


----------



## mmddevansville (May 30, 2011)

How do I upload a screenshot Cookie? I don't know how to do that part.

Here is what the message says 
I am at D drive folders....
Folder name: Diane Tax after clicking here it goes to...
Program
AcroRd32.exe
Verified Publisher-Adobe Systems Incorporated
File Origin-Hard Drive on this Computer
Do you want this program to make changes to this computer? Yes/No

This is all I have unless I check yes and then thats when it goes to the big print and all that I told you about yesterday.. diane


----------



## Cookiegal (Aug 27, 2003)

To upload a screenshot:

When you have the page displayed that you want to take a screenshot of just hit the Print Screen key on your keyboard (on some keyboards it may only be shown as Prt Scrn or something like that and should be located in the upper row to the right of the F keys). By pressing that key, it copies the screenshot to the clipboard but you won't actually see anything happening.

Now, you need to open MS Paint so click on Start - All Programs - Accessories - and select Paint. Now right-click in the white space and select "paste" from the right-click menu and the image should appear. Now save the image and then upload it here.


----------



## mmddevansville (May 30, 2011)

I still am unable to get a screenshot of what you need....I got one of Secunia when I was trying to make sure I know how to do this, this morning, but it won't even paste to the message box to go to you. I am just not knowing what to do again....I have the adobe reader on each file it tries to open, to show up on the page, there is a dark background around it, I am sure you know what this looks like, anyway I am going to try and paste the secunia so you can see I at least got something.

When I got that message USER ACCOUNT CONTROL 
Do you want this program to make changes to your computer?

The computer went to safe or whatever it is, again this morning, but as I have done before I x'ed out of it and the computer went right back to normal ...I will try to attach the screenshot for you and hope you get something. diane


----------



## Cookiegal (Aug 27, 2003)

You can't just paste it into the reply window, you have to scroll down below the reply box to where it says Manage Attachments and then click on "Browse" to locate the file on your computer. Then click on "Open" and then on "Upload" and finally submit the reply.


----------



## mmddevansville (May 30, 2011)

The same message just came up when I went to Go Advanced to browse for a file to send you, Cookie This is the message I told you about today and before too. I will try to go to the advanced below and see if this happens again...it also makes a ping noise, a soft sound. I think Reader has got my computer under control or something... I will try to send the one screenshot and make these replies in one message box...just will add to this after the screenshot try.


----------



## mmddevansville (May 30, 2011)

It looks a bit like a puzzle but this is the only thing I have managed to get a picture of for you. I tried sending another doc that reader requests permission for but Reader came in and stopped me from going any further just like when I try to open programs. 


**********New answer for post below...saving space*********

The very same thing, Thats what I went to documents to try and send to you the first time, a few minutes ago, and the same thing happened that always does when Reader is involved in opening a program. I just knew that since secunia had given my programs 100% just a few days ago, maybe a week ...whatever, that it meant everything was ok, until I tried opening up things. I just know no one else is as confused as I am Cookie. Do you think I should send you something else?


I did a bit of research into this, this is what the user account control message looks like, but this isn't my screenshot, since it still won't take on the page....It's this kind.... I will be back on probably tomorrow. Thanks Cookie


----------



## Cookiegal (Aug 27, 2003)

That doesn't show me the error message you're referring to.

You have a pdf document there on your desktop for your Canon printer. What happens when you double-click on that to open it?


----------



## mmddevansville (May 30, 2011)

Cookie, Adobe A Reader asked permission for me to open HP User Guide just now. I was trying to find a way to make the screen shot of the page, and an e-mail address of a business came up when I tried to paste into the Paint white screen. I will do this again and see if I can get this message to paste into paint and hopefully send it to you today.


----------



## Cookiegal (Aug 27, 2003)

In your screenshot of the UAC message, please click on More Details and show me what it says there.


----------



## mmddevansville (May 30, 2011)

I have been trying to get the screenshot of user control ....I am just not having any luck, I can't even paste out of paint now since I have been trying to get all of the others out that I started working on the other day. The shot of the user control I sent you was a copy of a page with this already attached to it I happened to find while working on this. I will try again if you want, I have even gone all over helps on my computer to try and find a way to do this....I think that's a transparent screen that the uac pops onto when I open without adobe reader....I will check back in a few minutes to see if you have written back....Thanks diane

2nd part*****I can't, it was a picture on windows web-site, even though I am sure you knew what I was talking about, I sent it so you would see what I was trying to do the screen shot of...I have a copy of it in my pictures file, but we can't really use it except for an example. I just know there has to be a way to get a pic of this adobe thing, I have even tried ins prt sc alt...everything. I just have to find a way to do it, because this could happen in the future or to someone else reading all this and it might help them to fix their problem too. I will keep trying.


----------



## Cookiegal (Aug 27, 2003)

You were able to post screenshots in post 252 so I don't understand why you can't do it now.


----------



## mmddevansville (May 30, 2011)

Because the UAC message always shows up on that transparent screen, with no toolbars accessible from it, I am just not able to get anything to paste onto Paint. I wish I could. I have noticed one message when trying to open Shockwave, gives me Adobe Reader 32 instead of the Adobe 10 I also get....maybe its nothing, just don't know. Hope your Monday is going well. If I need to try something else, please let me know. diane

**** I did compressed zip folder a few minutes ago of the pictures and they will not even individually or in the zip file attach. I am very upset and just can't understand why on earth they won't Will write later today. dw


----------



## Cookiegal (Aug 27, 2003)

I see you deleted your post. Where are these screenshots located on your computer and what format are they in?


----------



## mmddevansville (May 30, 2011)

Libraries==Documents....I am amazed that other things in the file of pictures would attach but they wouldn't.


----------



## Cookiegal (Aug 27, 2003)

I'm afraid I'm not familiar with Windows 7 enough to help with that since I don't have one to use unfortunately.


----------



## mmddevansville (May 30, 2011)

I am pretty sure its the same as the previous version, and I first go to my documents the way I described above, or directly thru the start menu to my account and to the documents I have stored there....I have been out , sorry it took so long to reply...dw 

****Thursday Cookie, Is there any other way I can send this to you besides the advanced message center?


----------



## mmddevansville (May 30, 2011)

Cookie I got a screenshot; when I least expected Adobe to pop up...went to Paint and I have 2...the one with no numbers is from last week.
Reader had just left msg that I had to use it to read a page from Work One. I can't believe this... i am also not believing the pic of the screen I took uploaded...must be my lucky day!! Will write in a few...have some more work to get finished....diane

The one I did just now is all I could get to upload, I took off the one that I got from Windows UAC info web-page last week..thanks

REPLY TO BELOW
********Great I will get right to this...


----------



## Cookiegal (Aug 27, 2003)

OK, that is helpful. It seems the default program to open PDF documents is still Adobe Acrobat which is no longer installed so you have to change the program used to open PDFs to Adobe Reader. Follow the instructions in this link to do that and be sure to check the box that says "always use the selected program to open this kind of file".

http://www.sevenforums.com/tutorials/12196-open-change-default-program.html


----------



## mmddevansville (May 30, 2011)

****1. This is what is happening, when I go to the program and right click, there is an Open option, but no other Open option is there. Am I starting from the wrong place? I read the tutorial and am trying to do exactly what you said to do, and what it instructs too.


****2.Cookie, I found it, but don't know what to choose to open it with.

****3. I chose Internet Explorer, and am now going to work on seeing if it opens in the normal way! You really did it great this time, I just knew something no one could fix was wrong here!! TGIF

Looks like I still have work to do on the Windows material, I did something wrong, It still takes me someplace with the large print....TGIF anyway...will be back when I get it fixed...I have 2 hours left til..... plans for weekend......


----------



## mmddevansville (May 30, 2011)

I tried the instructions again and the same thing happened again thats been going on. I am going back to the instructions from the link you sent and trying the whole process again. I am going now to look and see what the properties are of Adobe, and see what opens it now, since this happened twice.

********Adding to post The note where the tutorial instructs to click on open and choose the selected program to open Acrobat...is where I am having trouble, I do this click "open" and go straight to the message....I must be doing something wrong again, Cookie.


----------



## mmddevansville (May 30, 2011)

I must get busy on some things for the weekend, and will be here for about an hour or so. I just knew we had it, that message I tried so hard to screenshot last week keeps coming on and bypassing the step that the instructions are giving in the link you sent..Have a great weekend. I will be on the computer some this weekend. Thanks for all your help. Diane


----------



## Cookiegal (Aug 27, 2003)

The program you have to choose for it to "open with" is Adobe Reader not Internet Explorer.


----------



## Cookiegal (Aug 27, 2003)

Let's try a different approach.

Right-click a pdf file and select "Properties" and then on the General Tab, where it says "opens with" click on the button that says "Change" and select Adobe Reader there from the list and click OK.


----------



## mmddevansville (May 30, 2011)

Cookie, I did it, was I supposed to notice a change on the screen, message, etc??

I think I made a mistake, I tried to see if I could change the Canon PDF file to internet explorer to open it instead of Adobe reader, Now I have no option there to change the program that opens it back to Adobe Reader.


----------



## Cookiegal (Aug 27, 2003)

You shouldn't be getting that message now. Are you still getting it?


----------



## mmddevansville (May 30, 2011)

No, Is everything ok now, do you think?

Cookie, We are getting somewhere, I got a screenshot of what just happened better you to look than me trying to explain it...I am so happy!!!!!!!!!!!!!!!!!!!!!!!!! My mouse isn't working, forgive the errors please.


----------



## Cookiegal (Aug 27, 2003)

So that indicates that you're still getting the error message. I guess that method doesn't change the default but rather it's a one-time thing. I'll have to do more searching on how to fix that.


----------



## Cookiegal (Aug 27, 2003)

Click on *Start *and select *Default Programs* and then click on *Associate a file type or protocol with a program*. Scroll down the list and highlight .pdf and tell me what it says at the top (or to the far right of the file extension) for the default program currently set to open these files.


----------



## mmddevansville (May 30, 2011)

"Change Program" in highlighted box, and it says in upper right corner-- "no extension or protocol selected"

It's ok, I didn't check it thats what it says...sorry I wasn't clear, I am so excited knowing that we are getting to the heart of this!!


----------



## Cookiegal (Aug 27, 2003)

I didn't say to click on Change Program yet. Please follow the instructions carefully. You have to scroll down to highlight a file type first (pdf).


----------



## mmddevansville (May 30, 2011)

I am still working on the Shockwave screenshot that I haven't gotten yet, I noticed while my music was playing that it stopped whenever I was doing the work on the screen to get the shot..that is pressing the in sprn scr key, which I did find a bit odd, I don't usually play music while doing something else on the computer which could lead it into the place it goes at opening an adobe reader message or anything like a scan. Just thought you might want to know, again as always it could be nothing at all.


----------



## mmddevansville (May 30, 2011)

Cookie

I got a screenshot of the page I tried sending you, I guess it was a couple weeks ago of the adobe reader UAC message that I took a picture of to send you, the second is of the page I tried to open when I was trying to get an untitled Paint document that I had been working on off and on all day, the third is of a message I got about 15 minutes ago when trying to open the tax file that wouldn't open a few weeks back, somehow I am able to get these...----not sure if I am doing anything different now, but am glad they are copying onto Paint now. I just know we are getting to the problem, more than we ever have yet. Here it is....dw thanks!!


----------



## Cookiegal (Aug 27, 2003)

Let's try and fix one problem at a time.

Were you able to see what program is set as the default program to open pdf documents?


----------



## mmddevansville (May 30, 2011)

Yes.... good idea....Internet Explorer


----------



## Cookiegal (Aug 27, 2003)

Go back there and click on "change Program" and select "Adobe Reader" then click OK.

Then see if you still get that error message when opening a pdf document.


----------



## mmddevansville (May 30, 2011)

I find in the list.....xdp Adobe Acrobat XML Data Package File...and others similar but not Adobe Reader by name. I know I'm at the right place...

ADDITIONAL INFORMATION>>>>>******************I found it as I double-checked the list and it is now checked, Cookie...WOW


----------



## Cookiegal (Aug 27, 2003)

So are you able to open a pdf document now without an error message?


----------



## mmddevansville (May 30, 2011)

No I have been trying to get a screenshot of Adobe message for an hour will be back tomorrow, I tried...


----------



## Cookiegal (Aug 27, 2003)

You're still getting the same message or a new one?


----------



## mmddevansville (May 30, 2011)

The message that I get when trying to open Adobe Reader, I am trying to do a screenshot of this, but the previous image keeps pasting into Paint when I try to finish it. There has to be a way to get this off my mouse and a new image there, but I've tried everything, even deleting old screenshots from my library of png's.

*****A different area, but, possibly related? I am adding some screenshots of what just happened when I went to Kaspersky to check Status, hoping to clear the Paint files from the program so I could get Adobe Reader......

I am still trying to get a screenshot of the Adobe Reader Message I am still getting, which is the same as before, Adobe Reader X...etc....


----------



## Cookiegal (Aug 27, 2003)

Please go back and do these steps:

Click on *Start *and select *Default Programs* and then click on *Associate a file type or protocol with a program*. Scroll down the list and highlight .pdf and tell me what it says at the top (or to the far right of the file extension) for the default program currently set to open these files. I want to see if you made the change correctly or not.

Please don't edit your posts to add new information as then I don't get notified of it.


----------



## mmddevansville (May 30, 2011)

To the right, third column it says Internet Explorer, I am sending screenshot of this, still working on the other one, I sure hope this helps, Cookie


----------



## Cookiegal (Aug 27, 2003)

You're not showing what it says for pdf files in your screenshot. You have to scroll down that list to .pdf and then see what it says for the default program it opens with.


----------



## mmddevansville (May 30, 2011)

I hope this explains it to you better than I can...still working on screenshot of Reader


----------



## Cookiegal (Aug 27, 2003)

OK so you have to click on "Change Program" on the upper right hand side and select "Adobe Reader" from the list as I instructed previously. There will be a list of "Recommended Programs" and if it's not there then go down to the list of "Other Programs" and find it there. Select Adobe Reader and go down to the bottom left side and put a check mark in the box that says "always use the selected program to open this kind of file" and then click OK.


----------



## mmddevansville (May 30, 2011)

Is this what's needed...I was a bit confused but Adobe Reader did show up at the top as the selected program...screen may help....


----------



## mmddevansville (May 30, 2011)

Here it is Cookie, sure hope it helps...dw


----------



## Cookiegal (Aug 27, 2003)

That's for pdfxml files. It's the one above it that you have to change from Internet Explorer to Adobe Reader.


----------



## mmddevansville (May 30, 2011)

This is it, I hope!!!!


----------



## mmddevansville (May 30, 2011)

Cookie, I just went to utube to watch something while doing dinner, guess what I have a message on the screen with no place to click saying I should download adobe player in order to watch it...I can't believe it...Always something I guess...Hope you are having a good afternoon. I will write again whenever you reply about the most recent post I did. thanks dw

Wait, Cookie it says "upgrade" Oh no!!!! Better that you see this, it could be something you could help another person with in case all of us are getting this on utube...


----------



## Cookiegal (Aug 27, 2003)

Please open a pdf document now and see if you still get that error.


----------



## mmddevansville (May 30, 2011)

I get the message still, it won't screenshot for me, and Adobe Reader and Adobe Reader X are the two options that are on the drop-down menu of programs to open doc's with, on the Documents list in my Computer Files. This is strange, Cookie, Isn't it? I'll have the screenshot for trying to open pdf with both as soon as I am lucky enough to get it.


----------



## Cookiegal (Aug 27, 2003)

Did you put a check mark in the box that says "always use the selected program to open this kind of file" and then click OK when you changed the program for pdf files?


----------



## mmddevansville (May 30, 2011)

I am pretty sure I did, will go back and check to see if those are checked asap It is checked and looks permanent or something??? Do I need to take Internet Explorer out so it won't be side by side with AReader?



************I double-clicked on Reader and then explorer left the screen area at top next to reader


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> I am pretty sure I did, will go back and check to see if those are checked asap It is checked and looks permanent or something??? Do I need to take Internet Explorer out so it won't be side by side with AReader?
> 
> ************I double-clicked on Reader and then explorer left the screen area at top next to reader


I have no idea what any of this means unfortunately


----------



## mmddevansville (May 30, 2011)

Do I need to take Internet Explorer out so it won't be side by side with AReader?



************I double-clicked on Reader and then explorer left the screen area at top next to reader


----------



## Cookiegal (Aug 27, 2003)

You can't have two programs set as the default program to open specific file types so I don't understand how you're seeing Internet Explorer side by side with Adobe Reader.


----------



## mmddevansville (May 30, 2011)

I just checked and my pc is set for custom, in program access and computer defaults section


----------



## Cookiegal (Aug 27, 2003)

Please give me two or three screenshots.

1) showing the top part of the screen where the Change Program button is located.

2) showing the pdf file and the program it opens with

3) the very bottom of that screen where you were supposed to put the check mark so the setting sticks.


----------



## mmddevansville (May 30, 2011)

Good Morning, I got them, Cookie..


----------



## Cookiegal (Aug 27, 2003)

I still need to see the very bottom of that last screen to see if you checked that box.


----------



## mmddevansville (May 30, 2011)

in order to see it, if this is not good, I'll do another.

***********I will do another I checked, and the spot isn't visible


----------



## Cookiegal (Aug 27, 2003)

I'm sorry, you had it right in the previous screenshot but I didn't notice it. 

So the problem should be solved with Adobe Reader now. Can you click on that pdf file on your desktop to open it please and see if you still get an error message?


----------



## mmddevansville (May 30, 2011)

Here it is and at 80% so you can see it hopefully


----------



## mmddevansville (May 30, 2011)

I won't make any promises I will try once more to see if it will work, I tried lots of times yesterday and today


----------



## mmddevansville (May 30, 2011)

I couldn't get it this time either, the paste option is not highlighted, I have 8 screenshots on the list there, and I just don't know what to do, I want to get this shot so bad because you need it and I want to know I could do this. I'm sorry.


----------



## mmddevansville (May 30, 2011)

I turned off Pop up Blocker, as paint suggested in the help section but it did not one bit of good, so I will wait to see what you need....This was the ? in upper right corner of paint screen. Guess I will turn the blocker back on.


----------



## Cookiegal (Aug 27, 2003)

Try emptying the clipboard.


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> I turned off Pop up Blocker, as paint suggested in the help section but it did not one bit of good, so I will wait to see what you need....This was the ? in upper right corner of paint screen. Guess I will turn the blocker back on.


A ? usually indicates a help file.


----------



## mmddevansville (May 30, 2011)

yeah, and I could find no way to clear the paint memory, or whatever so the paste will highlight, I just know I could get the image you want if I could..I am frustrated...


----------



## Cookiegal (Aug 27, 2003)

It wouldn't be in Paint but in the MS Office program you're using. If you have Word, (depending on what version, mine is 2003) open it and click on "Edit" and then select "Office Clipboard" and you should be able to clear it from there.


----------



## mmddevansville (May 30, 2011)

Would this be a new document? The page is a new document from the beginning no header for edit, but for a clipboard its very simple to find, I went there but clipboard had no edit there....... I am not finding anything that's edit to start from but have a help section I am searching from on the very same page, I have 2010 version, perhaps I might work on this some more tonight? Does that sound ok to you?


----------



## Cookiegal (Aug 27, 2003)

Here are the instructions for Office 2007 (it's not Edit in that version):

http://www.ehow.com/how_6397300_clear-clipboard-ms-office-2007.html

You have to open one of the programs, such as Word first.


----------



## Cookiegal (Aug 27, 2003)

Sorry, my eyes are playing tricks on me. I thought I saw 2007 but you said 2010 so here are the instructions for 2010:

http://www2.lse.ac.uk/intranet/LSES...ice-2010-Clipboard.aspx#generated-subheading5


----------



## mmddevansville (May 30, 2011)

This is great!! This may be the answer to obtaining the screenshot we need.....will work on it tonite and will be back online tomorrow afternoon!


----------



## Cookiegal (Aug 27, 2003)

That's fine.


----------



## mmddevansville (May 30, 2011)

I just got this shot right after trying to open a pdf on a web-site I needed help from, The Paint Program is definitely clear now, I also checked to see once I got this for you.


----------



## Cookiegal (Aug 27, 2003)

OK, open Adobe Reader by clicking on the shortcut on your desktop.

In the toolbar click on *Edit* and then scroll down to the bottom and click on *Preferences*.

Under *Categories* on the left side, click on *Internet*.

On the right side, is there a check mark in the box that says "Display PDF in browser"?

What does it say on the next line below that box? It will be the path to the file used to open PDF documents.


----------



## mmddevansville (May 30, 2011)

Yes the background is checked you asked,,,Allow speculative downloading in the background It went to lg print thing again


----------



## Cookiegal (Aug 27, 2003)

That's not what I asked. I guess we'd better go with a screenshot please.


----------



## mmddevansville (May 30, 2011)

This is what I just got when trying to open AReader...at least I am not going to the big print thing like earlier today... When I opened the attachment I am sending its much smaller to the right of the screen, when I open in paint or in my Library its full screen??????


----------



## mmddevansville (May 30, 2011)

with the sizes I tried again to get the picture and I have never had a screenshot turn out like this....so small no one could read this without a magnifying glass!!! What is it Cookie??


I am getting the first UAC when trying to open AReader now, and am working on screenshots of it, hope I get it so we will know why its doing this. New screenshots I do and try to find in pictures library are not showing up there... be back in a few...dw


----------



## mmddevansville (May 30, 2011)

here it is I have tried everything to get this full screen for you I am sending both so you will see how much difference there is between the two...I have done 5 of them and resized to 95% which I have never done when sending these..dw


----------



## Cookiegal (Aug 27, 2003)

It looks like you're trying to run the installer again, not open the program. You should have an icon (shortcut) for Adobe Reader on your desktop to click on to open it.


----------



## mmddevansville (May 30, 2011)

Good Morning...I have the icon on the start menu but not on the desktop. I have tried off and on to get the screenshot of Adobe R and still no luck. I had a problem yesterday and Saturday night I will tell you about later and have screenshots to help you see what was going on.dw


----------



## mmddevansville (May 30, 2011)

Hope you had a good day yesterday, I am back and about to install something Windows has for my phone but will be back in a few. thanks dw


----------



## mmddevansville (May 30, 2011)

Cookie I just did troubleshooting with Windows, My Adobe Reader is for Windows XP Service Pack 2??? I had the same thing come up on the screen when it opened...windows was testing for compatibility, I came up on this while looking for the new cell phone program. I will go back and try to get a shot of it if you need it.


----------



## mmddevansville (May 30, 2011)

I can't believe I stumbled upon this I have 5 for you this time to view... I think if you right click and open with paint this might be visible for you. That worked for me.


----------



## Cookiegal (Aug 27, 2003)

It appears that you didn't install the correct version when you installed Adobe Reader.

Uninstall it via the Control Panel - Add or Remove Programs and then reboot the machine. Then go to this link:

http://get.adobe.com/reader/otherversions/

and select the correct operating system (Windows 7).

Then select the first version:

Reader X (10.1) English for Windows


----------



## mmddevansville (May 30, 2011)

When uninstalling, but not through the whole process, I got a message asking if I wanted Adobe Reader to update software on my comp. Is this correct? "Or shall I keep going?" is more clearly what I need to be sure of.


----------



## mmddevansville (May 30, 2011)

It uninstalled the second time, I am amazed at these programs, I got no message this time...


----------



## mmddevansville (May 30, 2011)

Does the Reader have a connection with the Flash Player? Google and YouTube both say I have no Flash Player, but we can see by the screenshot I am sending I do!! I am confused, a week ago I could hear music and see videos on here. What do you think it means Cookie?


----------



## Cookiegal (Aug 27, 2003)

I think you're probably having problems with UAC and are not sure what you should and shouldn't allow.

Have you reinstalled the new Adobe Reader?


----------



## mmddevansville (May 30, 2011)

No not yet


----------



## mmddevansville (May 30, 2011)

I have decided not to put Reader back on until I have to, since computer is running faster right now..is that a good idea?


----------



## Cookiegal (Aug 27, 2003)

That depends. You won't be able to open any pdf documents but there are other readers you can try like Foxit which you can get at the following link. I have no first-hand experience with it but I've seen others recommend it.

http://www.foxitsoftware.com/Secure_PDF_Reader/


----------



## mmddevansville (May 30, 2011)

Thank you Cookie, is it pretty safe to download these right off the web-site since they aren't big programs...Hope you are having a great day, will write tomorrow or Friday dw


----------



## Cookiegal (Aug 27, 2003)

Well you have to download it off the web site and I haven't heard of any problems with that site. Just opt out of any toolbars it may want to install along with it.


----------



## mmddevansville (May 30, 2011)

Cookie I got Foxit on just now and I just don't know why everyone doesn't use this program, it is great!!! Thank you so much for telling me about this yesterday...will try to write later if I can. dw...Oh and have a great day..


----------



## Cookiegal (Aug 27, 2003)

I'm glad you like it. You have a good day too.


----------



## mmddevansville (May 30, 2011)

This is The torture I went Through for 4 days in screenshot form...a man from a tech company got me back so we can kill that armadillo I found while offline 2 days ago, Cookie I am so happy to be online and am scanning full scan Kap. right now....happy monday!!!!!!!!!!!!!!!



I just added some files and if you want more I can easily send them to you. Thanks Cookie! you are so good to help.....I think I need to do mal-waryes and am not sure if I still have it but if I do I will run it as soon as you say so. dw


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> a man from a tech company got me back so we can kill that armadillo I found while offline 2 days ago...


A man from what tech company? If you're paying someone to do things you might as well have them fix everything at the same time.

But I think it's mostly just that you're misinterpreting findings. The last item regarding AU_.exe is an uninstaller and it's legitimate.

In the first screenshots, I'd have to know what the application or file is that's responsible for the suspicious activity. It may or may not be legitimate but it depends on what's involved.


----------



## mmddevansville (May 30, 2011)

No the man wanted me to sign up with some tech thing..I paid nothing..and won't. for sure...These are the screenshots I got I will send them all so you see what I am trying to explain..the installer went out right before the big gang hit, and if my Explorer were messed up, something about the registry, the man said, well I know enough that I wouldn't be able to write you even. thank goodness I got back to you who knows so much about all of these things or I would be still so upset not knowing what to do...that is for sure...take a look at these from 3 days ago.dw 
Some will be on next msg since I am having a bit of a problem getting one of these to upload....


----------



## mmddevansville (May 30, 2011)

Here are more and one of today's Kaspersky scan at 16%


----------



## mmddevansville (May 30, 2011)

Ok Cookie, I just updated malyware and I just have to know why my command prompt tries to load in when the windows screen is loading, this is crazy..The man said the registry was messed up, which he knows little about the pc, and the company was spc.scan I think he didn't leave much behind


----------



## mmddevansville (May 30, 2011)

This is the one I have been trying to find all afternoon..these are so small that its hard to tell in my documents...Hope you are doing ok...


----------



## Cookiegal (Aug 27, 2003)

Kaspersky database is corrupted. That can happen if you did a system restore back to an earlier date. You should perform a manual update. If it doesn't work, reboot and try again.


----------



## mmddevansville (May 30, 2011)

ok...do I need to do anything else I can't find armadillo in Kaspersky...maybe I need to stop worrying and be glad I am able to use it


----------



## mmddevansville (May 30, 2011)

Every picture tells a story...just checked to see if I still had a 100, well its 99 and I did what I am supposed to and these are the result, Cookie, I don't know but am just glad its running..maybe I should check and see if I have firefox, just kidding...its been so crazy I have to joke a bit...have a good nite...dw

*I had to try and open adobe flash player the uac message shot is attached too


----------



## mmddevansville (May 30, 2011)

tOO MANY THINGS, i JUST DON'T KNOW WHAT TO THINK..SORRY ABOUT THE CAPS...SOMEBODY WILL HAVE TO EXPLAIN IT, i AM STUMPED COOKIE


----------



## Cookiegal (Aug 27, 2003)

What is this armadillo you keep referring to?


----------



## mmddevansville (May 30, 2011)

The thing I saw in the Kaspersky screen twice whenever the computer was in safe mode. If the firewall hadn't been off I would've still been concerned. Do you think it was a virus? and do I need to keep looking in quarantine files for it, I thought Kaspersky was off, it said files were corrupt but you explained that. Is Armadillo a threat? in essence. for any one?


----------



## mmddevansville (May 30, 2011)

I am running malwarebytes out of sheer desperation and spybot that I used for a long time, but quit before I got the new computer in March. Look what I have found, I must have been tired and misread what I saw over the weekend when it went south....Cookie I wouldn't have done all this but I was waiting and afraid to keep waiting in case this is a severe threat. I want you if you can ever remember seeing this to tell me what to do and I will stop the scan if you say so. Here it is as of 3 minutes or so ago.


----------



## Cookiegal (Aug 27, 2003)

I really don't know what you're asking with those screenshots. It looks like you clicked to uninstall coupon printer for Windows and there was an error with that and what about Spybot? Did you let it fix what it found?

The screenshots are so big that I'm having trouble loading the pages. You should resize them in MS Paint before uploading them.

But just give me a summary of what problems you're experiencing (in words only) please.


----------



## mmddevansville (May 30, 2011)

ok, These were viewing in one-fourth of page and I had no idea they were too big....any suggestions from all I've told you so far?


----------



## Cookiegal (Aug 27, 2003)

I see you tried to run the Flash Installer but other than that I don't understand what the problems are. I don't see any mention of armadillo in this entire so don't have a clue what that is or where you saw it. Please explain in detail exactly what it is that you need help with and then we'll address them one at a time.


----------



## mmddevansville (May 30, 2011)

OK first now I am scared the wireless icon on right bottom of screen... looks different and with a red x just since I wrote, I feel like crying I put spybot and then malware byte thing on hoping to get this off, the screensaver I made you disappeared from paint and no one understands what I am talking about please tell me what to do cookie, I trust you you always helped figure it out well you know about these things and I am still learning..I am just scared this comp will be gone if its not fixed...I have great wireless it shouldn't have a red x on it...oh...


----------



## mmddevansville (May 30, 2011)

promise..please tell me how to make this view connected and no more screenshots til you ask for them


----------



## mmddevansville (May 30, 2011)

Cookie I have a screenshot of the Spybot report, I finally got it straightened out...its a trojan...Do you want the shot in case its some new threat?


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Cookie I have a screenshot of the Spybot report, I finally got it straightened out...its a trojan...Do you want the shot in case its some new threat?


Yes please.


----------



## mmddevansville (May 30, 2011)

Here it is...I think it got all thee off!!!!!!!!!!!!!yippee for both of us!! These should give you the story...I have about 8 more though.... Thanks Cookie for viewing this...you're a dream!!


----------



## mmddevansville (May 30, 2011)

Cookie the only thing I am concerned with before 10 tonite is getting that coupon.com program off that may have caused it all that spybot found...any hints????Have a good nite ok??


----------



## Cookiegal (Aug 27, 2003)

Just let Spybot remove them.


----------



## mmddevansville (May 30, 2011)

So its doing it as soon as I scan, I thought I had to immunize..I don't know much Cookie


----------



## Cookiegal (Aug 27, 2003)

The items are all checked so you just have to click on the *Fix Selected Problems* button.


----------



## mmddevansville (May 30, 2011)

Thank you, I have been trying to find out what to do all day..I guess you laugh when you read the posts...I might get it a little today and tomorrow, I will be trying to figure it out again.


----------



## mmddevansville (May 30, 2011)

Good Morning Cookie....spybot is doing a scan i didn't ask for for virtualmonde ....which i don't know what it is and hope its not in the system...hope your morning is going well...

.Here's the answer!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


----------



## Cookiegal (Aug 27, 2003)

That's good. All's clear. :up:


----------



## mmddevansville (May 30, 2011)

Today's thing is Please Please tell me if there is a place in windows where I can check to see if Spybot is running as administrator and what other programs or apps are running that way also. Do Windows updates need to be installed every day at 3 a.m. like They are on my page.....of updates...scheduling I guess I am learning more than I thought, big maybe.....Hope the day is going well for you, too...tgif Cookie


----------



## mmddevansville (May 30, 2011)

45000 files are not protected and maybe Kaspersky is the problem I sure do not know....cookie


----------



## mmddevansville (May 30, 2011)

If this page means what it looks like I know why you and I have been thru this for a week...Kaspersky is not doing its job....Not believing it and I was doing helps to see if Kaspersky admin rights were messing up the spybot.....help cookie


----------



## Cookiegal (Aug 27, 2003)

You should just uninstall SpyBot. I don't see anything wrong with the Kaspersky screenshot. What is the problem you're seeing?


----------



## mmddevansville (May 30, 2011)

Since Spybot got 38 spyware malware and Kaspersky keeps showing me no threats detected I am maybe uneducated guess, thinking that Kaspersky is either not finding them or not showing them up in the suspicious objects section...I am just trying to get a decent scan from Kaspersky with a not so good internet connection, ie other message I sent yesterday. I just have to get the info on the weekly thing I do on Sundays in the morning without a rollover from Kaspersky in the morning....I will write later...take care dw


----------



## Cookiegal (Aug 27, 2003)

Since it's only considered adware or a PUP (Potentially Unwanted Program) Kaspersky probably doesn't see it as a serious threat so didn't include it in their definitions.


----------



## mmddevansville (May 30, 2011)

Good Morning Cookie, Coupon Bar is now uninstalled permanently from my pc and foxit is back on, I did a system restore when it went down 2 weeks ago or whenever, most recent, and foxit came off or something,,,,Its running well now...will write later


----------



## mmddevansville (May 30, 2011)

Hope you have had a good week! I wanted to see if you need the issue list from when the things were removed from the computer. Just checking and hope you have a great weekend...


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> I wanted to see if you need the issue list from when the things were removed from the computer.


I don't know what you mean by that. Please elaborate.


----------



## mmddevansville (May 30, 2011)

Split screen loading today as usual something is awry....Hope your day goes well, any hints will help. Will write when you reply...thanx


----------



## Cookiegal (Aug 27, 2003)

I think my involvement here is pretty much finished. In your PM you just told me that your computer was restored back to factory settings. So if a new problem has already cropped up, I can't help you with that as I don't have a Windows 7 machine to fiddle around with. I suggest that you start a new thread in the Windows 7 forum for assistance.


----------



## mmddevansville (May 30, 2011)

Its ok, Cookie, I had a 2 hour session with hp got new Synaptics driver and some other thing, was up all night writing, with allergies driving me nuts. I appreciate all your help and you got me thru the spyware stuff, and endured the screenshots that I endlessly sent you. Write sometime if you'd like I have to sleep, going on 2 hours sleep last evening..jeeezzzzz Anyway I will go personal next time, wired from all the coffee this morning and gonna sleep shortly I do hope...You and all the techs on this site are helping so many people its great....I am tired cookie!!!!!!!!!!!


----------



## Cookiegal (Aug 27, 2003)

mmddevansville said:


> Its ok, Cookie, I had a 2 hour session with hp got new Synaptics driver and some other thing, was up all night writing, with allergies driving me nuts. I appreciate all your help and you got me thru the spyware stuff, and endured the screenshots that I endlessly sent you. Write sometime if you'd like I have to sleep, going on 2 hours sleep last evening..jeeezzzzz Anyway I will go personal next time, wired from all the coffee this morning and gonna sleep shortly I do hope...You and all the techs on this site are helping so many people its great....*I am tired cookie!!!!!!!!!!!*


Thanks. So am I.


----------

