# Trojan: TROJ_GEN.R47E1H6



## jpiarull (Aug 23, 2010)

Hey guys, it's been a while since I posted on here, had an old username, no longer use it. Had AVG 9.0, recently switched to Trend Micro I.S., more efficient and more secure. Uncovered trojan that AVG missed. Posting txt file from TM I exported, along with HJT, DDS, and GMER.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:04:19 PM, on 8/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c98d543546c753) (gupdate1c98d543546c753) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10982 bytes

DDS (Ver_09-09-29.01) - NTFSx86 
Run by user at 2:59:20.89 on Mon 08/23/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.1802 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\java.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\user\Downloads\ve96ve02.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Downloads\dds(2).com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Aim6] 
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [<NO NAME>] 
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [UDC Integration] 
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\uk0mt48y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-8-1 127744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-8-16 146448]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2010-5-27 87336]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-7-1 91456]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-8-16 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-8-16 283152]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-8-16 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-8-16 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-8-16 689416]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2008-9-6 251264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98d543546c753;Google Update Service (gupdate1c98d543546c753);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-26 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-3 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GS In-Game Service;GS In-Game Service;c:\program files\gametracker\GSInGameService.exe [2008-12-25 2329440]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-08-16 17:04 1,322,680 a------- c:\windows\system32\drivers\vsapint.sys
2010-08-16 17:04 230,928 a------- c:\windows\system32\drivers\tmxpflt.sys
2010-08-16 17:04 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2010-08-16 16:53 283,152 a------- c:\windows\system32\drivers\tmwfp.sys
2010-08-16 16:53 158,224 a------- c:\windows\system32\drivers\tmcomm.sys
2010-08-16 16:53 146,448 a------- c:\windows\system32\drivers\tmlwf.sys
2010-08-16 16:53 89,872 a------- c:\windows\system32\drivers\tmtdi.sys
2010-08-16 16:53 59,920 a------- c:\windows\system32\drivers\tmactmon.sys
2010-08-16 16:53 50,704 a------- c:\windows\system32\drivers\tmevtmgr.sys
2010-08-11 17:08 3,600,768 a------- c:\windows\system32\ntkrnlpa.exe
2010-08-11 17:08 3,548,040 a------- c:\windows\system32\ntoskrnl.exe
2010-08-11 17:08 1,248,768 a------- c:\windows\system32\msxml3.dll
2010-08-11 17:08 302,080 a------- c:\windows\system32\drivers\srv.sys
2010-08-11 17:08 144,896 a------- c:\windows\system32\drivers\srv2.sys
2010-08-11 17:08 905,088 a------- c:\windows\system32\drivers\tcpip.sys
2010-08-10 05:15 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 05:15 69,632 a------- c:\windows\system32\QuickTime.qts
2010-08-09 14:34 --d----- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-08-09 14:33 --d----- c:\programdata\NVIDIA Corporation
2010-08-09 14:33 --d----- c:\progra~2\NVIDIA Corporation
2010-08-09 14:32 11,008,040 a------- c:\windows\system32\drivers\nvlddmkm.sys
2010-08-09 14:32 5,107,816 a------- c:\windows\system32\nvwgf2um.dll
2010-08-09 14:32 56,936 a------- c:\windows\system32\OpenCL.dll
2010-08-09 14:32 10,920 a------- c:\windows\system32\drivers\nvBridge.kmd
2010-08-09 14:32 14,092,904 a------- c:\windows\system32\nvoglv32.dll
2010-08-09 14:32 2,892,904 a------- c:\windows\system32\nvcuvid.dll
2010-08-09 14:32 2,506,344 a------- c:\windows\system32\nvcuvenc.dll
2010-08-09 14:32 4,553,832 a------- c:\windows\system32\nvcuda.dll
2010-08-09 14:32 10,267,240 a------- c:\windows\system32\nvcompiler.dll
2010-08-09 14:32 236,136 a------- c:\windows\system32\nvcod1922.dll
2010-08-09 14:32 236,136 a------- c:\windows\system32\nvcod.dll
2010-08-01 19:51 --d----- c:\programdata\LightScribe
2010-08-01 19:51 --d----- c:\progra~2\LightScribe
2010-08-01 19:41 127,744 a------- c:\windows\system32\drivers\ArcHlp.sys
2010-08-01 19:41 11,776 a------- c:\windows\system32\drivers\afc.sys
2010-08-01 19:40 --d----- c:\programdata\ArcSoft
2010-08-01 19:40 --d----- c:\progra~2\ArcSoft
2010-08-01 19:40 69,632 a------- c:\windows\system32\MMCEDT.exe
2010-08-01 19:40 400,128 a------- c:\windows\system32\MSLUP60.dll
2010-08-01 19:40 256,768 a------- c:\windows\system32\MSLURT.dll
2010-08-01 19:40 245,408 a------- c:\windows\system32\unicows.dll
2010-07-25 17:07 --d----- c:\program files\iPod
2010-07-25 17:07 --d----- c:\program files\iTunes
2010-07-25 17:02 629 a------- c:\windows\system32\mapisvc.inf

==================== Find3M ====================

2010-08-16 17:00 143,360 a------- c:\windows\inf\infstrng.dat
2010-08-16 17:00 86,016 a------- c:\windows\inf\infpub.dat
2010-08-16 17:00 143,360 a------- c:\windows\inf\infstor.dat
2010-07-09 18:37 9,818,728 a------- c:\windows\system32\nvd3dum.dll
2010-07-09 18:37 1,625,192 a------- c:\windows\system32\nvapi.dll
2010-07-09 18:37 604,776 a------- c:\windows\system32\nvudisp.exe
2010-07-09 16:37 13,939,816 a------- c:\windows\system32\nvcpl.dll
2010-07-09 16:37 1,469,544 a------- c:\windows\system32\nvsvc.dll
2010-07-09 16:37 129,640 a------- c:\windows\system32\nvvsvc.exe
2010-07-09 16:37 110,696 a------- c:\windows\system32\nvmctray.dll
2010-07-07 13:46 604,776 a------- c:\windows\system32\nvuninst.exe
2010-06-26 02:05 916,480 a------- c:\windows\system32\wininet.dll
2010-06-26 02:02 109,056 a------- c:\windows\system32\iesysprep.dll
2010-06-26 02:02 71,680 a------- c:\windows\system32\iesetup.dll
2010-06-26 00:25 133,632 a------- c:\windows\system32\ieUnatt.exe
2010-06-21 09:37 2,037,760 a------- c:\windows\system32\win32k.sys
2010-06-18 13:31 36,864 a------- c:\windows\system32\rtutils.dll
2010-06-11 12:16 274,944 a------- c:\windows\system32\schannel.dll
2010-05-27 16:08 81,920 a------- c:\windows\system32\iccvid.dll
2010-05-26 13:06 34,304 a------- c:\windows\system32\atmlib.dll
2010-05-26 10:47 289,792 a------- c:\windows\system32\atmfd.dll
2010-04-23 21:12 34,805 a------- c:\programdata\nvModes.dat
2010-04-23 21:12 34,805 a------- c:\progra~2\nvModes.dat
2009-10-28 16:02 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-25 17:26 22,328 a------- c:\users\user\appdata\roaming\PnkBstrK.sys
2008-04-26 21:21 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:00:02.92 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-23 10:32:11
Windows 6.0.6002 Service Pack 2
Running: ve96ve02.exe; Driver: C:\Users\user\AppData\Local\Temp\kwldapob.sys

---- System - GMER 1.0.15 ----

SSDT A0EE80A0 ZwCreateKey
SSDT A0EE93E0 ZwCreateMutant
SSDT A0EE72E0 ZwCreateProcess
SSDT A0EE75A0 ZwCreateProcessEx
SSDT A0EE8F00 ZwCreateThread
SSDT A0EE8620 ZwDeleteKey
SSDT A0EE88E0 ZwDeleteValueKey
SSDT A0EE9240 ZwLoadDriver
SSDT A0EE7B20 ZwOpenProcess
SSDT A0EE9580 ZwSetSystemInformation
SSDT A0EE8360 ZwSetValueKey
SSDT A0EE7DE0 ZwTerminateProcess
SSDT A0EE8D60 ZwWriteVirtualMemory
SSDT A0EE90A0 ZwCreateThreadEx
SSDT A0EE7860 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1EA 826AD94D 3 Bytes [80, EE, A0] {SUB DH, 0xa0}
.text ntkrnlpa.exe!KeSetEvent + 1F5 826AD958 4 Bytes [E0, 93, EE, A0]
.text ntkrnlpa.exe!KeSetEvent + 209 826AD96C 8 Bytes [E0, 72, EE, A0, A0, 75, EE, ...] {LOOPNZ 0x74; OUT DX, AL ; MOV AL, [0xa0ee75a0]}
.text ntkrnlpa.exe!KeSetEvent + 221 826AD984 4 Bytes [00, 8F, EE, A0]
.text ntkrnlpa.exe!KeSetEvent + 2D5 826ADA38 4 Bytes [20, 86, EE, A0]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----


----------



## jpiarull (Aug 23, 2010)

Bump. I generally assume people are looking into it and it takes some time due to the length of the logs.


----------



## jpiarull (Aug 23, 2010)

Still waiting for a response. Trying to be patient and impartial.


----------



## jpiarull (Aug 23, 2010)

Any updates or is this unsolvable?


----------



## jpiarull (Aug 23, 2010)

Bump


----------



## jpiarull (Aug 23, 2010)

Is my computer that bad of a mess? Man, I thought I knew everything, apparently not...


----------



## jpiarull (Aug 23, 2010)

Bump


----------



## jpiarull (Aug 23, 2010)

Bump. I replaced Trend Micro with Kaspersky Internet Security 2010 since TM was running out of trial and I had 1 full license left on Kaspersky.


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes' Anti-Malware from *Here*.

- Double-click *mbam-setup.exe* to install the application.
- Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click *OK*, then *Show Results* to view the results.
- Make sure that *everything is checked*, and click *Remove Selected*.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## jpiarull (Aug 23, 2010)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4631

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/16/2010 4:13:03 PM
mbam-log-2010-09-16 (16-13-03).txt

Scan type: Quick scan
Objects scanned: 143040
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

No malicious items reported. Where does that leave me now?


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## jpiarull (Aug 23, 2010)

Here are the logfiles.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:46:57 PM, on 9/17/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c98d543546c753) (gupdate1c98d543546c753) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10246 bytes

ComboFix 10-09-16.07 - user 09/17/2010 16:29:13.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.1709 [GMT -4:00]
Running from: c:\users\user\Downloads\puppy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\Installer\$PatchCache$\Managed\6B07CD9D31EBDD140935E916E7270D58\1.2.800\pst.ini
c:\windows\system32\system
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-16 20:04 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 20:04 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 20:04 . 2010-09-16 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 18:03 . 2010-09-16 18:03 850448 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-16 18:03 . 2010-09-16 18:03 850520 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-15 20:42 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 20:42 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 20:42 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 20:42 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-13 16:23 . 2010-09-13 16:23 -------- d-----w- c:\programdata\WindowsSearch
2010-09-13 00:34 . 2010-09-13 00:34 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-09-13 00:34 . 2010-09-13 00:34 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-09-13 00:34 . 2010-09-13 00:34 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-09-13 00:34 . 2010-09-13 00:34 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-09-13 00:34 . 2010-09-13 00:34 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-09-13 00:33 . 2010-09-13 00:33 170584 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-09-13 00:33 . 2010-09-13 00:33 340520 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-09-13 00:33 . 2010-09-13 00:33 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-09-13 00:33 . 2010-09-13 00:33 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-09-13 00:14 . 2010-09-13 00:33 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-13 00:14 . 2010-09-13 00:33 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-13 00:12 . 2010-09-17 20:19 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-13 00:12 . 2010-09-13 00:12 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-13 00:01 . 2010-09-13 00:01 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-09-04 02:11 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-09-04 02:08 . 2010-09-04 02:08 -------- d-----w- c:\program files\Telltale Games
2010-09-03 21:44 . 2010-09-03 21:44 -------- d-----w- c:\program files\iPod
2010-09-03 21:44 . 2010-09-03 21:45 -------- d-----w- c:\program files\iTunes
2010-09-03 21:35 . 2010-09-03 21:35 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-25 00:25 . 2010-08-25 00:25 -------- d-----w- c:\program files\Motorola
2010-08-25 00:15 . 2010-08-25 00:16 6036128 ----a-w- c:\programdata\motorola\motorola device Driver\Update\Download\Motorola Device Driver\4.07.1.0\setup\Motorola_Driver_Installation4_7_1.exe
2010-08-25 00:14 . 2010-08-25 00:15 37299713 ----a-w- c:\programdata\motorola\motorola media link\UpDate\Download\Motorola Media Link\1.02.1400.0\patch\patch.exe
2010-08-23 21:01 . 2010-09-13 15:12 -------- d-----w- c:\users\user\AppData\Roaming\Uniblue
2010-08-23 21:00 . 2010-09-13 15:12 -------- d-----w- c:\program files\Uniblue
2010-08-23 21:00 . 2010-08-23 21:01 -------- d-----w- c:\users\user\AppData\Local\OpenCandy
2010-08-23 21:00 . 2010-08-23 21:00 331304 ----a-w- c:\users\user\AppData\Roaming\OpenCandy\OpenCandy_0113BC5798594BD88554EE76EBF8E97D\DLMgr_3_1.6.44.exe
2010-08-23 21:00 . 2010-08-23 21:00 -------- d-----w- c:\users\user\AppData\Roaming\OpenCandy
2010-08-23 21:00 . 2010-08-23 21:00 -------- d-----w- c:\program files\Winamp Detect
2010-08-22 18:09 . 2010-08-22 18:10 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 20:17 . 2010-08-01 23:43 2702 ----a-w- c:\programdata\ArcSoft\MediaConverter 2.5\acforall.dll
2010-09-17 20:17 . 2010-07-01 17:08 -------- d-----w- c:\program files\Motorola Media Link
2010-09-17 20:13 . 2008-06-22 23:57 -------- d-----w- c:\programdata\Google Updater
2010-09-15 21:29 . 2007-04-25 19:15 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-13 00:08 . 2007-09-06 21:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-13 00:08 . 2010-03-16 02:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 23:59 . 2008-09-19 19:34 -------- d-----w- c:\program files\Trend Micro
2010-09-12 23:57 . 2008-04-26 03:05 -------- d-----w- c:\programdata\Trend Micro
2010-09-07 17:07 . 2008-02-10 03:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 02:12 . 2010-09-04 02:12 -------- d--h--r- c:\users\user\AppData\Roaming\SecuROM
2010-09-03 21:44 . 2007-08-22 03:20 -------- d-----w- c:\program files\Common Files\Apple
2010-08-25 00:20 . 2010-07-01 16:58 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-08-25 00:15 . 2010-07-01 17:13 -------- d-----w- c:\programdata\motorola
2010-08-23 21:02 . 2008-10-07 01:53 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
2010-08-23 21:01 . 2008-10-07 01:53 -------- d-----w- c:\program files\Winamp
2010-08-19 06:07 . 2007-04-25 19:24 -------- d-----w- c:\program files\Yahoo!
2010-08-19 04:31 . 2007-08-22 03:16 -------- d-----w- c:\programdata\Yahoo!
2010-08-19 04:07 . 2007-08-22 03:18 -------- d-----w- c:\users\user\AppData\Roaming\Yahoo!
2010-08-16 20:48 . 2009-11-02 15:28 -------- d-----w- c:\programdata\avg9
2010-08-16 20:40 . 2010-08-16 20:40 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 15:50 . 2010-08-12 15:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-12 15:50 . 2010-08-12 15:50 53632 ----a-w- c:\users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-09 18:47 . 2010-03-16 02:43 117760 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-09 18:35 . 2010-02-01 17:33 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-09 18:33 . 2010-08-09 18:33 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-09 18:33 . 2007-10-15 19:55 -------- d-----w- c:\programdata\NVIDIA
2010-08-01 23:51 . 2007-04-25 18:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 23:51 . 2010-08-01 23:51 -------- d-----w- c:\programdata\LightScribe
2010-08-01 23:50 . 2010-08-01 23:46 -------- d-----w- c:\users\user\AppData\Roaming\ArcSoft
2010-08-01 23:50 . 2010-08-01 23:50 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-08-01 23:50 . 2010-08-01 23:40 -------- d-----w- c:\programdata\ArcSoft
2010-08-01 23:44 . 2007-04-25 19:09 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-08-01 23:41 . 2010-08-01 23:40 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-01 23:40 . 2007-08-18 22:20 -------- d-----w- c:\program files\ArcSoft
2010-07-29 22:04 . 2008-01-17 02:11 -------- d-----w- c:\program files\PokerStars.NET
2010-07-09 20:37 . 2010-07-09 20:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37 . 2010-07-09 20:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37 . 2010-07-09 20:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37 . 2010-07-09 20:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 17:46 . 2007-09-12 09:28 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-26 06:05 . 2010-08-11 21:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 21:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 21:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 21:09 2037760 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-13 340520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-13 805392]
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-8-1 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-31 10:46 135664 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 14:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 19:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2009-02-05 20:48 364544 ----a-w- c:\windows\System32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98d543546c753;Google Update Service (gupdate1c98d543546c753);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2008-12-11 2329440]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-02-19 127744]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-05-27 87336]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\DRIVERS\V0500Vid.sys [2007-11-01 251264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-25 15:28]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 20:55]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 20:55]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-03 10:46]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-03 10:46]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{F93FA5A8-3ACC-482F-AE8C-6BB187D18A2A}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uk0mt48y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://lumserve.raritanval.edu/cp/home/displaylogin
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-UDC Integration - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 16:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2882603163-3867760204-3722990054-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*E*A*R*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2882603163-3867760204-3722990054-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,eb,d2,d1,ec,21,f7,1f,40,fa,2c,88,46,2a,af,93,bd,8e,8d,28,e8,
0e,3c,f4,28,81,e0,8d,18,c0,f1,90,d6,7b,43,32,39,b7,61,2e,af,62,65,b3,72,c4,\
"rkeysecu"=hex:e9,3b,42,23,ce,53,e2,d0,67,eb,37,bd,1c,95,18,b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3b1740d6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3b1740d6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&12345678&02&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&12345678&02&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&UID512\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&UID512\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2647\4&3b1740d6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2647\4&3b1740d6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\4&3b1740d6&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\4&3b1740d6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\4&3b1740d6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID33554704\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID33554704\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2010-09-17 16:45:58
ComboFix-quarantined-files.txt 2010-09-17 20:45

Pre-Run: 30,185,369,600 bytes free
Post-Run: 36,123,332,608 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A02DA91034ECADAFD2DCB76188BD81B4


----------



## jpiarull (Aug 23, 2010)

I think Combofix may have disabled Adobe Flash and certain online plugins, at least you did warn me about that before running the program. Consequently uninstalling and reinstalling the program yielded nothing, so I assume I'll have to wait until the problem is fixed with the trojan before fixing the internet settings for Firefox.


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## jpiarull (Aug 23, 2010)

50 FREE MP3s +1 Free Audiobook!
Aarons Advanced Cliker Version 3.05
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AGEIA PhysX v7.09.13
AIM 6
AIMTunes
Ambush Pack 1.00 for Pocket Tanks Deluxe
APC PowerChute Personal Edition
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft TotalMedia Extreme
AXE Screen Saver - Random 1.0
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Bonus Pack v1.1 for Super DX-Ball Deluxe
Call of Duty(R) 4 - Modern Warfare(TM)
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
CardRd81
CCScore
CDDRV_Installer
Chaos Pack 1.00 for Pocket Tanks Deluxe
CR2
DC++ 0.7091
Derive 6 Trial Edition
DivX Codec
DivX Converter
DivX Player
DivX Plus Web Player
Dynex 1.3MP Webcam Driver (1.00.03.0000)
Dynex Webcam User's Guide
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
ffdshow [rev 1589] [2007-10-31]
Flamethrower Pack 1.00 for Pocket Tanks Deluxe
Foxit PDF Creator
Foxit PDF Editor
Foxit Reader
Fuzz Pack v1.0 for Pocket Tanks Deluxe
GameTracker Lite
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Gravity Pack v1.1 for Pocket Tanks Deluxe
Hardware Diagnostic Tools
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP My Display
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Picasso Media Center Add-In
HP Update
iCopyBot for iPod & iPhone 5.0.0
iTunes
Java(TM) 6 Update 18
Junk Mail filter update
Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
kgcbase
KhalInstallWrapper
Kodak EasyShare software
KSU
LightScribe System Software
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Live! Cam Center
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Meteor Pack 1.00 for Pocket Tanks Deluxe
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
mIRC
MotoConnect 1.1.31
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 4.7.1
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Nano Pack v1.0 for Pocket Tanks Deluxe
Neon Wars v1.11a
netbrdg
Notifier
Nuke Pack 1.00 for Pocket Tanks Deluxe
NVIDIA Display Control Panel
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
Picasa 3
Pocket Tanks
Pocket Tanks Deluxe 1.00a
PokerStars.net
Polar Golfer
Power Pack 1.00 for Pocket Tanks Deluxe
PVSonyDll
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
ScanSoft OmniPage SE 4.0
SDK
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SFR
SHASTA
skin0001
SKINXSDK
Snapfish Media Detector
Snood for Windows version 2.4.5-W
Snowball Pack v1.1 for Pocket Tanks Deluxe
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Strong Bad - Strong Bad Episode 5 - 8-Bit Is Enough
Super DX-Ball v1.1
Super Pack v1.00 for Pocket Tanks Deluxe
TI Connect 1.6
tooltips
Treasure Pack v1.1 for Super DX-Ball Deluxe
Uniblue RegistryBooster 2010
Uniblue SystemTweaker
Universal Document Converter
Unreal Tournament 2004
Unreal Tournament 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UT2004 Editor's Choice Edition Mod Installer
VC80CRTRedist - 8.0.50727.4053
Verizon Download Manager
VPRINTOL
WD Diagnostics
WDCSAM Driver
WebEx Support Manager for Internet Explorer
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WIRELESS


----------



## Cookiegal (Aug 27, 2003)

Please run the *F-Secure Online Scanner*

Note: *You must use Internet Explorer for this scan!*


Accept the License Agreement. 
Once the ActiveX installs click *Full System Scan* 
Once the download completes, the scan will begin automatically. 
The scan will take some time to finish, so please be patient. 
When the scan completes, click the *Automatic cleaning (recommended)* button. 
Click the *Show Report* button and copy and paste the entire report in your next reply.

What is your K drive please?


----------



## jpiarull (Aug 23, 2010)

I've been running the online scanner for several hours now and it's still stuck on "Online Scanner will start shortly. Please wait". Has the program not started at all or can it take up to a day or two?


----------



## jpiarull (Aug 23, 2010)

The scanner still says the message I specified before, what do you think? It's been over 2 full days, should it have finished by now?


----------



## Cookiegal (Aug 27, 2003)

It shouldn't take that long. Let's try another.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## jpiarull (Aug 23, 2010)

The 1st scan I ran, it did not have a separate window with the log file. However, it did display the file that was identified as the infected file.
C:\ProgramData\AOL Downloads\trition_suite_install\6.1.41.2\setup.exe.
That's the file that's supposedly causing the problem. I looked at the log.txt file in the program's folder and this is what it said.
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
I don't know if that's the right one. You want me to post a print screen of the postscan screen of the scanner? I also saw the folder in program data where the infected file is, and I can manually delete it, would that help me in this case?


----------



## Cookiegal (Aug 27, 2003)

Delete this file manually:

C:\ProgramData\AOL Downloads\trition_suite_install\6.1.41.2\setup.exe

Please post a new HijackThis log.


----------



## jpiarull (Aug 23, 2010)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:03:43 PM, on 9/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c98d543546c753) (gupdate1c98d543546c753) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11420 bytes


----------



## jpiarull (Aug 23, 2010)

Any updates? I still have Adobe Flash enabled, yet on certain websites I cannot view multimedia content. Is this related to the problem I have?


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I never received notification of your reply.

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jpiarull (Aug 23, 2010)

```
OTS logfile created on: 10/4/2010 4:13:09 PM - Run 1
OTS by OldTimer - Version 3.1.38.1     Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.82 Gb Total Space | 33.40 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.97 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 468.01 Gb Free Space | 50.24% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\user\Downloads\OTS.exe -> [2010/10/04 16:11:57 | 000,641,536 | ---- | M] (OldTimer Tools)
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -> [2010/09/12 20:33:34 | 000,340,520 | ---- | M] (Kaspersky Lab)
rbmonitor.exe -> C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe -> [2010/08/30 08:25:04 | 000,025,976 | ---- | M] (Uniblue Systems Limited)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
tgsrvc.exe -> C:\Program Files\VERIZONDM\bin\tgsrvc.exe -> [2010/07/20 01:29:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> C:\Program Files\VERIZONDM\bin\sprtsvc.exe -> [2010/07/20 01:29:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.)
sprtcmd.exe -> C:\Program Files\VERIZONDM\bin\sprtcmd.exe -> [2010/07/20 01:29:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.)
setpoint.exe -> C:\Program Files\Logitech\SetPointP\SetPoint.exe -> [2010/06/25 20:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.)
motoconnectservice.exe -> C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -> [2010/06/24 15:34:52 | 000,091,456 | ---- | M] ()
motoconnect.exe -> C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe -> [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola)
khalmnpr.exe -> C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe -> [2010/06/22 15:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.)
googlecrashhandler.exe -> C:\Users\user\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe -> [2010/06/16 00:00:09 | 000,134,808 | ---- | M] (Google Inc.)
nserviceentry.exe -> C:\Program Files\Motorola Media Link\NServiceEntry.exe -> [2010/05/27 11:40:30 | 000,087,336 | ---- | M] (Nero AG)
wpffontcache_v0400.exe -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation)
acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2010/03/15 22:39:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
wlidsvc.exe -> C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE -> [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
linksys easylink advisor.exe -> C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe -> [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems)
linksysupdater.exe -> C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/04/18 05:30:43 | 000,204,800 | ---- | M] ()
osd.exe -> C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro)
 
[Modules - Safe List]
ots.exe -> C:\Users\user\Downloads\OTS.exe -> [2010/10/04 16:11:57 | 000,641,536 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AVP) Kaspersky Internet Security [Auto | Running] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -> [2010/09/12 20:33:34 | 000,340,520 | ---- | M] (Kaspersky Lab)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
(tgsrvc_verizondm) SupportSoft Repair Service (verizondm) [Auto | Running] -> C:\Program Files\VERIZONDM\bin\tgsrvc.exe -> [2010/07/20 01:29:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.)
(sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) [Auto | Running] -> C:\Program Files\VERIZONDM\bin\sprtsvc.exe -> [2010/07/20 01:29:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.)
(MotoConnect Service) MotoConnect Service [Auto | Running] -> C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -> [2010/06/24 15:34:52 | 000,091,456 | ---- | M] ()
(DeviceMonitorService) DeviceMonitorService [Auto | Running] -> C:\Program Files\Motorola Media Link\NServiceEntry.exe -> [2010/05/27 11:40:30 | 000,087,336 | ---- | M] (Nero AG)
(LBTServ) Logitech Bluetooth Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -> [2010/05/06 05:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.)
(WPFFontCache_v0400) Windows Presentation Foundation Font Cache 4.0.0.0 [Auto | Running] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation)
(fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(GS In-Game Service) GS In-Game Service [On_Demand | Stopped] -> C:\Program Files\GameTracker\GSInGameService.exe -> [2008/12/11 14:20:04 | 002,329,440 | ---- | M] (ClanServers Hosting LLC)
(LinksysUpdater) Linksys Updater [Auto | Running] -> C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/04/18 05:30:43 | 000,204,800 | ---- | M] ()
(nmservice) Pure Networks Platform Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2007/11/08 21:34:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
(DTSRVC) Portrait Displays Display Tune Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -> [2007/04/25 12:34:44 | 000,073,728 | ---- | M] ()
(APC UPS Service) APC UPS Service [On_Demand | Stopped] -> C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -> [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation)
 
[Driver Services - Safe List]
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkfwd.sys -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkflt.sys -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ipinip.sys -> File not found
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> C:\Windows\System32\drivers\blbdrive.sys -> File not found
(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\System32\drivers\klif.sys -> [2010/09/12 20:11:50 | 000,311,312 | ---- | M] (Kaspersky Lab)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation)
(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\LMouFilt.Sys -> [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.)
(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\LHidFilt.Sys -> [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.)
(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\klim6.sys -> [2009/11/03 16:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab)
(klbg) Kaspersky Lab Boot Guard Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\klbg.sys -> [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab)
(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\klmouflt.sys -> [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab)
(kl1) kl1 [Kernel | System | Running] -> C:\Windows\System32\drivers\kl1.sys -> [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab)
(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\fssfltr.sys -> [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation)
(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTSTOR.sys -> [2009/04/08 03:53:12 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.)
(archlp) archlp [Kernel | System | Running] -> C:\Windows\System32\drivers\ArcHlp.sys -> [2009/02/19 14:22:52 | 000,127,744 | ---- | M] ()
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2009/02/11 12:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWBS2.sys -> [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2008/09/10 04:47:18 | 000,661,504 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DP.sys -> [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2008/09/04 03:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(NVENETFD) NVIDIA nForce 10/100 Mbps Ethernet  [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvmfdx32.sys -> [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation)
(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\wdcsam.sys -> [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies)
(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\pnarp.sys -> [2008/04/09 01:14:02 | 000,024,888 | ---- | M] (Pure Networks, Inc.)
(purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\purendis.sys -> [2008/04/09 01:14:00 | 000,026,424 | ---- | M] (Pure Networks, Inc.)
(V0500Dev) Dynex 1.3MP Webcam Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\V0500Vid.sys -> [2007/10/31 21:00:00 | 000,251,264 | ---- | M] (Creative Technology Ltd.)
(nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvstor32.sys -> [2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation)
(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\hidbatt.sys -> [2007/10/20 20:53:03 | 000,021,504 | ---- | M] (Microsoft Corporation)
(PdiPorts) Portrait Displays low level device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\PdiPorts.sys -> [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(TIEHDUSB) TIEHDUSB [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tiehdusb.sys -> [2006/02/03 12:37:33 | 000,049,536 | ---- | M] (Texas Instruments Incorporated)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\afc.sys -> [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.)
(ICAM5USB) Intel(r) PC Camera CS110 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\Icam5USB.sys -> [2001/08/17 21:06:20 | 000,100,992 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 80 35 67 8B AA D2 C9 01  [binary data] -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\uk0mt48y.default\prefs.js -> 
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.defaulturl -> "http://search.yahoo.com/search?fr=ffsp1&p=" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "https://lumserve.raritanval.edu/cp/home/displaylogin" ->
extensions.enabledItems -> {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9 ->
extensions.enabledItems -> [email protected]:1.6.1 ->
extensions.enabledItems -> {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 ->
extensions.enabledItems -> {9fb8c270-7124-11dd-ad8b-0800200c9a66}:1.7.2 ->
extensions.enabledItems -> {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 ->
extensions.enabledItems -> {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5 ->
extensions.enabledItems -> [email protected]:9.0.0.736 ->
extensions.enabledItems -> DeviceDetec[email protected]:1.20.0.66 ->
keyword.URL -> "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=" ->
network.proxy.type -> 4 ->
< FireFox Settings [User.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\uk0mt48y.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/09/24 18:21:01 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/09/24 18:21:01 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2010\THBEXT] -> [2010/09/12 20:13:40 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\user\AppData\Roaming\mozilla\Extensions -> [2008/06/18 10:34:17 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions -> [2010/10/03 19:31:54 | 000,000,000 | ---D | M]
Flagfox   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} -> [2010/09/22 09:54:01 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/08/09 14:18:15 | 000,000,000 | ---D | M]
ImTranslator   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} -> [2010/09/23 19:05:46 | 000,000,000 | ---D | M]
Download status   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66} -> [2010/08/09 14:19:43 | 000,000,000 | ---D | M]
No name found   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{dc572301-7619-498c-a57d-39143191b318} -> [2010/08/09 14:19:07 | 000,000,000 | ---D | M]
   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}(688) -> [2008/03/19 21:46:18 | 000,000,000 | ---D | M]
FoxTab   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} -> [2010/08/17 19:39:44 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\[email protected] -> [2010/09/23 19:05:47 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\[email protected] -> [2008/06/19 19:04:31 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\uk0mt48y.default\extensions\[email protected] -> [2010/09/12 20:22:01 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 live-search.xml -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\uk0mt48y.default\searchplugins\live-search.xml -> [2009/03/31 08:41:10 | 000,001,632 | ---- | M] ()
 weathercom.xml -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\uk0mt48y.default\searchplugins\weathercom.xml -> [2008/07/03 10:24:07 | 000,001,632 | ---- | M] ()
 winamp-search.xml -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\uk0mt48y.default\searchplugins\winamp-search.xml -> [2009/07/28 14:58:30 | 000,001,201 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/09/23 19:08:08 | 000,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2010/09/12 20:14:17 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/02/08 22:42:33 | 000,378,641 | ---- | M] - 13092 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Value error. [AVG Safe Search] -> File not found
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [IEVkbdBHO Class] -> [2009/10/20 19:34:50 | 000,068,112 | ---- | M] (Kaspersky Lab)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/02/22 21:16:28 | 002,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/24 11:28:05 | 000,668,656 | ---- | M] (Google Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [FilterBHO Class] -> [2009/10/20 19:34:56 | 000,268,816 | ---- | M] (Kaspersky Lab)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/02/22 21:16:28 | 002,403,392 | R--- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/02/22 21:16:28 | 002,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/09/22 00:28:52 | 000,047,904 | ---- | M] (Apple Inc.)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"AVP" -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"] -> [2010/09/12 20:33:34 | 000,340,520 | ---- | M] (Kaspersky Lab)
"CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe ["C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon] -> [2006/10/16 21:40:00 | 001,197,648 | ---- | M] (CANON INC.)
"EvtMgr6" -> C:\Program Files\Logitech\SetPointP\SetPoint.exe [C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming] -> [2010/06/25 20:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.)
"KBD" -> C:\hp\KBD\KbdStub.exe [C:\HP\KBD\KbdStub.EXE] -> [2006/12/08 12:16:56 | 000,065,536 | ---- | M] ()
"LELA" -> C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe ["C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized] -> [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems)
"OsdMaestro" -> C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe ["C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"] -> [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro)
"VERIZONDM" -> C:\Program Files\VERIZONDM\bin\sprtcmd.exe ["C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM] -> [2010/07/20 01:29:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Launcher" -> C:\Windows\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> [2007/03/07 14:09:52 | 000,044,168 | ---- | M] (soft thinks)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"AllowLegacyWebView" ->  [1] -> File not found
\\"AllowUnhashedWebView" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [60] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [0] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Anti-Banner -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm] -> [2009/10/20 19:22:54 | 000,001,452 | ---- | M] ()
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2009/05/01 14:30:36 | 003,366,912 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [Button: &Virtual keyboard] -> [2009/10/20 19:34:56 | 000,268,816 | ---- | M] (Kaspersky Lab)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [Button: URLs c&heck] -> [2009/10/20 19:34:56 | 000,268,816 | ---- | M] (Kaspersky Lab)
{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}:Exec [HKLM] -> C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe [Button: PokerStars.net] -> [2009/04/20 20:29:21 | 000,562,968 | ---- | M] (PokerStars)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 167.206.245.130 167.206.245.129 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4129B5DC-99F9-495A-8760-E0646DEAD679}\\DhcpNameServer -> 167.206.245.130 167.206.245.129   (NVIDIA nForce 10/100 Mbps Ethernet ) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll -> [2009/11/06 23:04:36 | 000,109,072 | ---- | M] (Kaspersky Lab)
C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll -> [2009/11/06 23:04:24 | 000,017,936 | ---- | M] (Kaspersky Lab)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> C:\Windows\System32\klogon.dll -> [2009/10/20 19:34:56 | 000,219,664 | ---- | M] (Kaspersky Lab)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 07:35:12 | 000,952,088 | ---- | M] (EarthLink, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/04/25 15:12:32 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe -> [2005/12/12 16:05:30 | 000,221,247 | ---- | M] (American Power Conversion Corporation)
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk -> C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe -> [2009/11/19 23:29:10 | 001,807,704 | ---- | M] (Research In Motion Limited)
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> [2004/02/13 14:12:08 | 000,016,423 | ---- | M] ()
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe -> [2007/03/02 17:55:02 | 001,441,792 | ---- | M] ()
C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2010/06/09 04:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated)
Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated)
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2010/06/19 22:04:47 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
BlackBerryAutoUpdate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe -> [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited)
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe -> [2009/10/31 06:46:07 | 000,135,664 | ---- | M] (Google Inc.)
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> [2005/02/17 02:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.)
ISUSPM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2007/08/30 10:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/09/24 02:10:52 | 000,421,160 | ---- | M] (Apple Inc.)
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2010/09/08 11:17:42 | 000,421,888 | ---- | M] (Apple Inc.)
SnapfishMediaDetector hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe -> [2007/03/02 17:55:02 | 001,441,792 | ---- | M] ()
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
WD Button Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
WinampAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Winamp\winampa.exe -> [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"startup" -> 2 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/2/2007 10:45:45 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 13a4  Start Time: 01c80566f0f106f0  Termination Time: 39
Application [ Error ] 10/3/2007 8:11:44 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 1724  Start Time: 01c8060f852bdea0  Termination Time: 58
Application [ Error ] 10/6/2007 3:23:45 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: f38  Start Time: 01c8084dbabf6ab0  Termination Time: 60000
Application [ Error ] 10/6/2007 5:44:09 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: f38  Start Time: 01c8084dbabf6ab0  Termination Time: 0
Application [ Error ] 10/7/2007 7:11:36 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 1390  Start Time: 01c80937053d835d  Termination Time: 108
Application [ Error ] 10/7/2007 8:56:20 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 17b4  Start Time: 01c80936fcd9888d  Termination Time: 19
Application [ Error ] 10/7/2007 9:58:04 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 12b8  Start Time: 01c80946124bf59d  Termination Time: 226
Application [ Error ] 10/11/2007 4:11:14 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 414  Start Time: 01c80c429fd1876b  Termination Time: 34
Application [ Error ] 10/11/2007 4:16:21 PM Computer Name = user-PC | Source = Application Hang | ID = 1002 -> Description = The program SpybotSD.exe version 1.5.1.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 1150  Start Time: 01c80c42ed94c16b  Termination Time: 122
Media Center [ Error ] 6/2/2008 8:35:05 PM Computer Name = user-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 6/3/2008 9:20:30 PM Computer Name = user-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 8/28/2008 9:39:01 AM Computer Name = user-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 2/20/2009 4:36:58 PM Computer Name = user-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 2/20/2009 6:35:31 PM Computer Name = user-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 2/26/2009 4:34:44 AM Computer Name = user-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
OSession [ Error ] 11/7/2007 11:17:20 AM Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1072 seconds with 900 seconds of active time.  This session ended with a crash.
OSession [ Error ] 2/27/2009 8:43:13 PM Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 81442 seconds with 60 seconds of active time.  This session ended with a crash.
System [ Error ] 9/27/2010 7:14:21 PM Computer Name = user-PC | Source = Service Control Manager | ID = 7026 -> Description = 
System [ Error ] 9/30/2010 1:25:58 AM Computer Name = user-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.100 for the Network Card with network address 001BB9828E61 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 10/1/2010 10:07:50 AM Computer Name = user-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 10/1/2010 3:38:21 PM Computer Name = user-PC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 10/1/2010 3:38:21 PM Computer Name = user-PC | Source = Service Control Manager | ID = 7026 -> Description = 
System [ Error ] 10/1/2010 4:27:13 PM Computer Name = user-PC | Source = Service Control Manager | ID = 7031 -> Description = 
System [ Error ] 10/3/2010 11:47:58 AM Computer Name = user-PC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 10/3/2010 11:47:58 AM Computer Name = user-PC | Source = Service Control Manager | ID = 7026 -> Description = 
System [ Error ] 10/4/2010 4:01:02 PM Computer Name = user-PC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 10/4/2010 4:01:02 PM Computer Name = user-PC | Source = Service Control Manager | ID = 7026 -> Description = 
 
[Files/Folders - Created Within 30 Days]
 iPod -> C:\Program Files\iPod -> [2010/10/01 16:29:47 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2010/10/01 16:29:45 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files\Bonjour -> [2010/10/01 16:27:04 | 000,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2010/10/01 16:27:00 | 000,000,000 | -HSD | C]
 tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/09/29 04:54:43 | 000,002,048 | ---- | C] (Microsoft Corporation)
 QuickTime -> C:\Program Files\QuickTime -> [2010/09/24 18:20:39 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files\ESET -> [2010/09/24 14:05:23 | 000,000,000 | ---D | C]
 RTCOM -> C:\Windows\System32\RTCOM -> [2010/09/20 09:38:51 | 000,000,000 | ---D | C]
 Logishrd -> C:\Users\user\AppData\Local\Logishrd -> [2010/09/19 23:21:37 | 000,000,000 | ---D | C]
 LNonPnP.sys -> C:\Windows\System32\drivers\LNonPnP.sys -> [2010/09/19 23:21:13 | 000,016,400 | ---- | C] (Logitech, Inc.)
 CanonBJ -> C:\ProgramData\CanonBJ -> [2010/09/19 23:12:05 | 000,000,000 | -H-D | C]
 CanonIJ Uninstaller Information -> C:\Windows\System32\CanonIJ Uninstaller Information -> [2010/09/19 23:11:51 | 000,000,000 | -H-D | C]
 LogiShrd -> C:\Users\Public\Documents\LogiShrd -> [2010/09/19 23:08:03 | 000,000,000 | ---D | C]
 Logishrd -> C:\ProgramData\Logishrd -> [2010/09/19 23:07:29 | 000,000,000 | ---D | C]
 Logitech -> C:\Program Files\Logitech -> [2010/09/19 23:07:24 | 000,000,000 | ---D | C]
 cnco160.dll -> C:\Windows\System32\cnco160.dll -> [2010/09/19 23:05:39 | 000,106,496 | ---- | C] (Canon Inc.)
 CNCC160.DLL -> C:\Windows\System32\CNCC160.DLL -> [2010/09/19 23:05:38 | 001,302,528 | ---- | C] (CANON INC.)
 CNCL160.DLL -> C:\Windows\System32\CNCL160.DLL -> [2010/09/19 23:05:38 | 000,135,168 | ---- | C] (Canon Inc.)
 CNCI160.DLL -> C:\Windows\System32\CNCI160.DLL -> [2010/09/19 23:05:38 | 000,069,632 | ---- | C] (CANON INC.)
 CanonBJ -> C:\Program Files\CanonBJ -> [2010/09/19 23:05:33 | 000,000,000 | -H-D | C]
 Logishrd -> C:\Users\user\AppData\Roaming\Logishrd -> [2010/09/19 22:49:28 | 000,000,000 | ---D | C]
 Temp -> C:\Program Files\Temp -> [2010/09/19 22:36:33 | 000,000,000 | -H-D | C]
 Uniblue -> C:\ProgramData\Uniblue -> [2010/09/19 22:20:50 | 000,000,000 | ---D | C]
 SupportSoft -> C:\Users\user\AppData\Local\SupportSoft -> [2010/09/18 17:15:33 | 000,000,000 | ---D | C]
 VERIZONDM -> C:\Program Files\VERIZONDM -> [2010/09/18 17:15:03 | 000,000,000 | ---D | C]
 SupportSoft -> C:\ProgramData\SupportSoft -> [2010/09/18 17:15:03 | 000,000,000 | ---D | C]
 SupportSoft -> C:\Program Files\Common Files\SupportSoft -> [2010/09/18 17:14:27 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/09/17 16:46:09 | 000,000,000 | -HSD | C]
 temp -> C:\Windows\temp -> [2010/09/17 16:46:02 | 000,000,000 | ---D | C]
 temp -> C:\Users\user\AppData\Local\temp -> [2010/09/17 16:46:02 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2010/09/17 16:22:48 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2010/09/17 16:22:48 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/09/17 16:22:48 | 000,031,232 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2010/09/17 16:22:35 | 000,000,000 | ---D | C]
 puppy -> C:\puppy -> [2010/09/17 16:22:32 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010/09/17 16:22:14 | 000,000,000 | ---D | C]
 SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/09/17 16:21:50 | 000,212,480 | ---- | C] (SteelWerX)
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/09/16 16:04:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/09/16 16:04:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/09/16 16:04:09 | 000,000,000 | ---D | C]
 MP4SDECD.DLL -> C:\Windows\System32\MP4SDECD.DLL -> [2010/09/15 16:42:12 | 000,317,952 | ---- | C] (Microsoft Corporation)
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2010/09/13 12:23:37 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2010/09/12 20:12:30 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\Program Files\Kaspersky Lab -> [2010/09/12 20:12:30 | 000,000,000 | ---D | C]
 klif.sys -> C:\Windows\System32\drivers\klif.sys -> [2010/09/12 20:11:50 | 000,311,312 | ---- | C] (Kaspersky Lab)
 Kaspersky Lab Setup Files -> C:\ProgramData\Kaspersky Lab Setup Files -> [2010/09/12 20:01:33 | 000,000,000 | ---D | C]
 QuickTimeVR.qtx -> C:\Windows\System32\QuickTimeVR.qtx -> [2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.)
 QuickTime.qts -> C:\Windows\System32\QuickTime.qts -> [2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.)
 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 ntuser.dat -> C:\Users\user\ntuser.dat -> [2010/10/04 16:16:46 | 005,767,168 | ---- | M] ()
 User_Feed_Synchronization-{F93FA5A8-3ACC-482F-AE8C-6BB187D18A2A}.job -> C:\Windows\tasks\User_Feed_Synchronization-{F93FA5A8-3ACC-482F-AE8C-6BB187D18A2A}.job -> [2010/10/04 16:16:33 | 000,000,416 | -H-- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/10/04 16:07:00 | 000,000,886 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000UA.job -> [2010/10/04 16:05:00 | 000,000,904 | ---- | M] ()
 Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/10/04 16:02:15 | 000,000,868 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/10/04 15:59:43 | 000,000,882 | ---- | M] ()
 RegistryBooster.job -> C:\Windows\tasks\RegistryBooster.job -> [2010/10/04 15:59:42 | 000,000,330 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/04 15:59:37 | 000,003,696 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/04 15:59:37 | 000,003,696 | -H-- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/10/04 15:59:35 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/10/04 15:59:33 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/10/04 15:59:22 | 3219,611,648 | -HS- | M] ()
 ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\user\ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> [2010/10/04 12:45:43 | 000,524,288 | -HS- | M] ()
 ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TM.blf -> C:\Users\user\ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TM.blf -> [2010/10/04 12:45:43 | 000,065,536 | -HS- | M] ()
 IconCache.db -> C:\Users\user\AppData\Local\IconCache.db -> [2010/10/04 12:45:38 | 003,022,063 | -H-- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000Core.job -> [2010/10/04 11:38:14 | 000,000,852 | ---- | M] ()
 iTunes.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk -> [2010/10/01 16:31:38 | 000,002,215 | ---- | M] ()
 iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/10/01 16:30:51 | 000,001,804 | ---- | M] ()
 mapisvc.inf -> C:\Windows\System32\mapisvc.inf -> [2010/10/01 16:22:51 | 000,000,629 | ---- | M] ()
 ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\user\ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/27 19:10:55 | 000,524,288 | -HS- | M] ()
 HiJackThis.lnk -> C:\Users\user\Desktop\HiJackThis.lnk -> [2010/09/26 17:03:21 | 000,002,481 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/09/25 10:03:43 | 000,604,264 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/09/25 10:03:43 | 000,103,964 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/09/25 10:03:42 | 000,703,772 | ---- | M] ()
 Microsoft Office Word 2007.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk -> [2010/09/25 10:03:14 | 000,002,611 | ---- | M] ()
 Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2010/09/25 00:10:51 | 000,002,035 | ---- | M] ()
 QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/09/24 18:20:53 | 000,001,688 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\user\Desktop\Google Chrome.lnk -> [2010/09/23 03:06:25 | 000,002,039 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2010/09/23 03:06:25 | 000,002,001 | ---- | M] ()
 Microsoft Office Word 2007.lnk -> C:\Users\user\Desktop\Microsoft Office Word 2007.lnk -> [2010/09/20 09:36:11 | 000,002,587 | ---- | M] ()
 ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\user\ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/19 23:30:44 | 000,524,288 | -HS- | M] ()
 ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TM.blf -> C:\Users\user\ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TM.blf -> [2010/09/19 23:30:44 | 000,065,536 | -HS- | M] ()
 LNonPnP.sys -> C:\Windows\System32\drivers\LNonPnP.sys -> [2010/09/19 23:21:13 | 000,016,400 | ---- | M] (Logitech, Inc.)
 ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\user\ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/19 22:37:18 | 000,524,288 | -HS- | M] ()
 DIFxAPI.dll -> C:\Windows\DIFxAPI.dll -> [2010/09/19 22:36:41 | 000,319,456 | ---- | M] (Microsoft Corporation)
 SpeedUpMyPC.lnk -> C:\Users\Public\Desktop\SpeedUpMyPC.lnk -> [2010/09/19 22:21:10 | 000,000,831 | ---- | M] ()
 DriverScanner.lnk -> C:\Users\Public\Desktop\DriverScanner.lnk -> [2010/09/19 22:20:41 | 000,000,841 | ---- | M] ()
 NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/19 22:08:57 | 000,524,288 | -HS- | M] ()
 NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2010/09/19 22:08:57 | 000,065,536 | -HS- | M] ()
 RegistryBooster.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk -> [2010/09/19 21:59:41 | 000,000,875 | ---- | M] ()
 RegistryBooster.lnk -> C:\Users\Public\Desktop\RegistryBooster.lnk -> [2010/09/19 21:59:41 | 000,000,851 | ---- | M] ()
 system.ini -> C:\Windows\system.ini -> [2010/09/17 16:41:45 | 000,000,215 | ---- | M] ()
 puppy.exe -> C:\Users\user\Desktop\puppy.exe -> [2010/09/17 16:20:43 | 003,846,509 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2010/09/16 16:04:13 | 000,000,804 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/16 16:04:13 | 000,000,780 | ---- | M] ()
 SystemTweaker.lnk -> C:\Users\Public\Desktop\SystemTweaker.lnk -> [2010/09/13 11:12:32 | 000,000,841 | ---- | M] ()
 Kaspersky Internet Security 2010.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Kaspersky Internet Security 2010.lnk -> [2010/09/13 11:12:24 | 000,001,085 | ---- | M] ()
 klin.dat -> C:\Windows\System32\drivers\klin.dat -> [2010/09/12 20:33:32 | 000,113,933 | ---- | M] ()
 klick.dat -> C:\Windows\System32\drivers\klick.dat -> [2010/09/12 20:33:32 | 000,097,549 | ---- | M] ()
 klif.sys -> C:\Windows\System32\drivers\klif.sys -> [2010/09/12 20:11:50 | 000,311,312 | ---- | M] (Kaspersky Lab)
 QuickTimeVR.qtx -> C:\Windows\System32\QuickTimeVR.qtx -> [2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.)
 QuickTime.qts -> C:\Windows\System32\QuickTime.qts -> [2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.)
 Decisions.doc -> C:\Users\user\Documents\Decisions.doc -> [2010/09/06 16:44:55 | 000,041,472 | ---- | M] ()
 No Whining Zone.doc -> C:\Users\user\Documents\No Whining Zone.doc -> [2010/09/06 16:15:25 | 000,026,624 | ---- | M] ()
 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files - No Company Name]
 iTunes.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk -> [2010/10/01 16:31:37 | 000,002,215 | ---- | C] ()
 iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/10/01 16:30:51 | 000,001,804 | ---- | C] ()
 Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2010/09/25 00:10:51 | 000,002,035 | ---- | C] ()
 QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/09/24 18:20:53 | 000,001,688 | ---- | C] ()
 ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\user\ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/19 23:34:48 | 000,524,288 | -HS- | C] ()
 ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\user\ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/19 23:34:47 | 000,524,288 | -HS- | C] ()
 ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TM.blf -> C:\Users\user\ntuser.dat{ed22227a-c462-11df-8403-001bb9828e61}.TM.blf -> [2010/09/19 23:34:47 | 000,065,536 | -HS- | C] ()
 SpeedUpMyPC.lnk -> C:\Users\Public\Desktop\SpeedUpMyPC.lnk -> [2010/09/19 22:21:10 | 000,000,831 | ---- | C] ()
 DriverScanner.lnk -> C:\Users\Public\Desktop\DriverScanner.lnk -> [2010/09/19 22:20:41 | 000,000,841 | ---- | C] ()
 ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\user\ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/19 22:10:56 | 000,524,288 | -HS- | C] ()
 ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\user\ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/19 22:10:56 | 000,524,288 | -HS- | C] ()
 ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TM.blf -> C:\Users\user\ntuser.dat{a72f12ab-c3fa-11df-bc81-001bb9828e61}.TM.blf -> [2010/09/19 22:10:56 | 000,065,536 | -HS- | C] ()
 RegistryBooster.job -> C:\Windows\tasks\RegistryBooster.job -> [2010/09/19 21:59:45 | 000,000,330 | ---- | C] ()
 VerizonDM.msi -> C:\Windows\VerizonDM.msi -> [2010/09/18 17:14:43 | 009,830,400 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2010/09/17 16:22:48 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2010/09/17 16:22:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2010/09/17 16:22:48 | 000,080,412 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2010/09/17 16:22:48 | 000,077,312 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2010/09/17 16:22:48 | 000,068,096 | ---- | C] ()
 puppy.exe -> C:\Users\user\Desktop\puppy.exe -> [2010/09/17 16:20:30 | 003,846,509 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2010/09/16 16:04:13 | 000,000,804 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/16 16:04:13 | 000,000,780 | ---- | C] ()
 SystemTweaker.lnk -> C:\Users\Public\Desktop\SystemTweaker.lnk -> [2010/09/13 11:12:32 | 000,000,841 | ---- | C] ()
 Kaspersky Internet Security 2010.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Kaspersky Internet Security 2010.lnk -> [2010/09/13 11:12:24 | 000,001,085 | ---- | C] ()
 klin.dat -> C:\Windows\System32\drivers\klin.dat -> [2010/09/12 20:14:08 | 000,113,933 | ---- | C] ()
 klick.dat -> C:\Windows\System32\drivers\klick.dat -> [2010/09/12 20:14:08 | 000,097,549 | ---- | C] ()
 Decisions.doc -> C:\Users\user\Documents\Decisions.doc -> [2010/09/06 16:44:54 | 000,041,472 | ---- | C] ()
 No Whining Zone.doc -> C:\Users\user\Documents\No Whining Zone.doc -> [2010/09/06 16:15:24 | 000,026,624 | ---- | C] ()
 ArcHlp.sys -> C:\Windows\System32\drivers\ArcHlp.sys -> [2010/08/01 19:41:59 | 000,127,744 | ---- | C] ()
 IconCache.db -> C:\Users\user\AppData\Local\IconCache.db -> [2010/05/05 21:16:56 | 003,022,063 | -H-- | C] ()
 setup.log -> C:\Users\user\AppData\Roaming\setup.log -> [2010/01/23 13:27:53 | 000,000,180 | ---- | C] ()
 setup_ldm.iss -> C:\Users\user\AppData\Roaming\setup_ldm.iss -> [2010/01/23 13:27:43 | 000,000,760 | ---- | C] ()
 nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/11/12 17:24:34 | 000,034,805 | ---- | C] ()
 nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/11/12 13:48:15 | 000,034,805 | ---- | C] ()
 OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
 desktop.ini -> C:\Users\user\AppData\Roaming\desktop.ini -> [2009/07/03 12:43:40 | 000,000,006 | -HS- | C] ()
 desktop.ini -> C:\Users\user\AppData\Local\desktop.ini -> [2009/07/03 12:43:39 | 000,000,006 | -HS- | C] ()
 mcs.rma -> C:\Users\user\AppData\Roaming\mcs.rma -> [2009/06/19 14:06:53 | 000,870,128 | ---- | C] ()
 DBC019 -> C:\Users\user\AppData\Roaming\DBC019 -> [2009/06/19 14:06:53 | 000,000,004 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/05/29 10:52:07 | 000,117,248 | ---- | C] ()
 qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/09/19 17:57:34 | 003,596,288 | ---- | C] ()
 dtu100.dll.manifest -> C:\Windows\System32\dtu100.dll.manifest -> [2008/09/19 17:55:10 | 000,000,416 | ---- | C] ()
 dpl100.dll.manifest -> C:\Windows\System32\dpl100.dll.manifest -> [2008/09/19 17:55:10 | 000,000,416 | ---- | C] ()
 DivXWMPExtType.dll -> C:\Windows\System32\DivXWMPExtType.dll -> [2008/09/19 17:54:18 | 000,012,288 | ---- | C] ()
 d3d8caps.dat -> C:\Users\user\AppData\Local\d3d8caps.dat -> [2008/09/08 17:17:44 | 000,000,552 | ---- | C] ()
 PnkBstrK.sys -> C:\Windows\System32\drivers\PnkBstrK.sys -> [2008/05/25 17:26:03 | 000,022,328 | ---- | C] ()
 PnkBstrK.sys -> C:\Users\user\AppData\Roaming\PnkBstrK.sys -> [2008/05/25 17:26:02 | 000,022,328 | ---- | C] ()
 game.ini -> C:\Windows\game.ini -> [2008/05/25 17:25:24 | 000,000,319 | ---- | C] ()
 .googlewebacchosts -> C:\Users\user\AppData\Roaming\.googlewebacchosts -> [2008/05/25 14:19:55 | 000,000,000 | ---- | C] ()
 atid.ini -> C:\Windows\atid.ini -> [2008/05/21 22:37:44 | 000,000,021 | ---- | C] ()
 iplayer.INI -> C:\Windows\iplayer.INI -> [2007/12/28 22:52:38 | 000,000,000 | ---- | C] ()
 ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2007/09/19 21:20:08 | 000,007,680 | ---- | C] ()
 ff_vfw.dll.manifest -> C:\Windows\System32\ff_vfw.dll.manifest -> [2007/09/19 21:20:08 | 000,000,547 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/09/02 00:15:35 | 000,220,160 | ---- | C] ()
 d3d9caps.dat -> C:\Users\user\AppData\Local\d3d9caps.dat -> [2007/09/01 23:53:19 | 000,001,356 | ---- | C] ()
 MAXLINK.INI -> C:\Windows\MAXLINK.INI -> [2007/08/18 18:27:10 | 000,000,416 | ---- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT -> [2007/08/18 16:12:28 | 000,104,128 | ---- | C] ()
 AgCPanelTraditionalChinese.dll -> C:\Windows\System32\AgCPanelTraditionalChinese.dll -> [2007/07/23 09:03:32 | 000,053,248 | ---- | C] ()
 AgCPanelSwedish.dll -> C:\Windows\System32\AgCPanelSwedish.dll -> [2007/07/23 09:03:32 | 000,053,248 | ---- | C] ()
 AgCPanelSpanish.dll -> C:\Windows\System32\AgCPanelSpanish.dll -> [2007/07/23 09:03:32 | 000,053,248 | ---- | C] ()
 AgCPanelSimplifiedChinese.dll -> C:\Windows\System32\AgCPanelSimplifiedChinese.dll -> [2007/07/23 09:03:30 | 000,053,248 | ---- | C] ()
 AgCPanelPortugese.dll -> C:\Windows\System32\AgCPanelPortugese.dll -> [2007/07/23 09:03:30 | 000,053,248 | ---- | C] ()
 AgCPanelKorean.dll -> C:\Windows\System32\AgCPanelKorean.dll -> [2007/07/23 09:03:30 | 000,053,248 | ---- | C] ()
 AgCPanelJapanese.dll -> C:\Windows\System32\AgCPanelJapanese.dll -> [2007/07/23 09:03:30 | 000,053,248 | ---- | C] ()
 AgCPanelGerman.dll -> C:\Windows\System32\AgCPanelGerman.dll -> [2007/07/23 09:03:30 | 000,053,248 | ---- | C] ()
 AgCPanelFrench.dll -> C:\Windows\System32\AgCPanelFrench.dll -> [2007/07/23 09:03:30 | 000,053,248 | ---- | C] ()
 hpzinstall.log -> C:\ProgramData\hpzinstall.log -> [2007/04/25 15:01:05 | 000,000,311 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/04/25 14:39:48 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/04/25 14:39:48 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 04:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 10:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 10:07:48 | 000,204,800 | ---- | C] ()
 desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 08:50:50 | 000,000,174 | -HS- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 08:37:35 | 000,037,665 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 08:37:35 | 000,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 08:37:35 | 000,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 08:37:35 | 000,026,040 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 000,005,632 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 000,013,750 | ---- | C] ()
< End of report >
```


----------



## jpiarull (Aug 23, 2010)

Should we wait to fix the flash issue till the problem is ironed out? I'm sure the OTS takes forever to read because of its length and complexity.


----------



## Cookiegal (Aug 27, 2003)

Yes, let's wait and see.

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Value error. [AVG Safe Search]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  3 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  3 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## jpiarull (Aug 23, 2010)

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}\ not found.
[Files/Folders - Created Within 30 Days]
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\Windows\A8B9466986544126BD28D0D2412CDED6.TMP\WiseCustomCalla42.exe deleted successfully.
C:\Windows\A8B9466986544126BD28D0D2412CDED6.TMP folder deleted successfully.
C:\Windows\DUMP903d.tmp deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Web\ClientUtility\OFCESCVPack.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Web\ClientUtility\PccWins.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Web\ClientUtility\Pop3Pack.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Web\ClientUtility\SMOutLookPack.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Web\ClientUtility folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Web folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\Ntrtscan.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\OfcDog_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\OfcPIPC_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\OfcPlugInAPI_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\OfcPlugInMain_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\OfcPluginTray_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\PccNt.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\Pwd_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\TimeString_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64\tmdbg20_64i.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64\IA64 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Win64 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\IA64\tmpreflt.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\IA64\TmXPFlt.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\IA64\vsapiNT.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\IA64 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\TmFilter.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\tmpreflt.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\TmXPFlt.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\TM_CFW.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv\vsapiNT.sys deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Drv folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\DATA.TAG deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\data1.cab deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\install.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\lang.dat deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\layout.bin deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\ofcscan.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\os.dat deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\SETUP.BMP deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\SETUP.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\setup.ins deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\SETUP.ISS deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\setup.lid deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\setup.pdf deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\_INST32I.EX_ deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\_ISDEL.EXE deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\_SETUP.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\_sys1.cab deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1\_user1.cab deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Disk1 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\DWIoTrapNT.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\INETWH32.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\libTmCAV.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\loadhttp.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\NTRmv.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcDog.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcDog.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPfw.dat deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPfwCommon.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPfwSvc.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPIPC.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPlugInAPI.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPlugInMain.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OfcPluginTray.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OLEPRO32.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\OsceProt.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\PccNT.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\PccNTMon.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\PccNTUpd.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\PSAPI.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\Pwd.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\REGSVR32.EXE deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\TmdShell.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\TmListen.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\TmOPP.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\TmOpp.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\TmSock.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\UNINSTNT.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\UpdGuide.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\Upgrade.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\WININET.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common\XPUpg.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Common folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\NTMonRes.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\ntreg.reg deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\NTRmvRC.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\NTRtScan.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\PCC-NT.cnt deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\PCC-NT.HLP deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\PccNTRes.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\Readme.txt deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT\SvcMgr.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCCNT folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\DATA.TAG deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\data1.cab deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\lang.dat deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\layout.bin deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\ofcscan.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\os.dat deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\SETUP.BMP deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\SETUP.EXE deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\SETUP.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\setup.ins deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\SETUP.ISS deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\setup.lid deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\setup.pdf deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\_INST32I.EX_ deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\_ISDEL.EXE deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\_SETUP.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\_sys1.cab deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1\_user1.cab deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Disk1 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\AU_Backup\2\2\backup.000 deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\AU_Backup\2\2\backup.001 deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\AU_Backup\2\2 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\AU_Backup\2 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\AU_Backup\AuBackup.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\AU_Backup folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\95Uninst.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\95Upd.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\Filter32.VXD deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\HWCheck.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\INETWH32.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\libTmCAV.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\OfcDog.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\OfcDog.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\OfcPlugInAPI.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\OfcPlugInMain.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\OfcPluginTray.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\ofc_loadhttp.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\OsceProt.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\PBDRVR9X.VXD deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\Pccwin97.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\PSAPI.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\Pwd.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\REGSVR32.EXE deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\TmdShell.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\TmOPP.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\TmOpp.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\VSAPI32.VXD deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common\WININET.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Common folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\95Uninst.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\95Upd.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\pccwin97.CNT deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Pccwin97.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\PCCWIN97.HLP deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95\Readme.txt deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\PCC95 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\IA64\Vsapi64.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\IA64 folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\BPM95.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\BPMNT.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\MEMBOOT.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\tmCfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\Vsapi32.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine\VScanWin32.Com deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Engine folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Download\OfcPfw.dat deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Download folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\Ap95.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\AP954W.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\APDOS4W.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\ApNT.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\APNT4W.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\APNT_IA64.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\APNT_X64.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\AUTOPCC.INI deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\Component.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg\Update.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.cfg folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\ActSup.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\ASupport.DLL deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\ASupport.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\ciussi32.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\Instreg.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\loadhttp.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\OSCETSCLog.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\PATCH.EXE deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\patchbld.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\patchw32.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\Psapi.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\Ptnutil.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\SpywareList.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\TimeString.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tmadce.ptn deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tmdbg20.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tmun deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tmuninst.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tmuninst.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tmuninst.ptn deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\TmUpdate.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\TSC.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\tsc.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\TSC.ptn deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\unzip.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN\ZLib.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ADMIN folder deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\alert.msg deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\alertcfw.msg deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopcc.MSG deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\Autopccp.exe deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\DelayRun.up deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\OfcPfwCommon.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\OfcScan.ini.orig deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ous.ini deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\tmaptn.511 deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\tmCfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\tmf10264.ptn deleted successfully.
C:\RAD7DBC.tmp\INST_LEG\ZLib.dll deleted successfully.
C:\RAD7DBC.tmp\INST_LEG folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\web_osce\Web\ClientUtility\OFCESCVPack.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\web_osce\Web\ClientUtility\SMOutLookPack.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\web_osce\Web\ClientUtility folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\web_osce\Web folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\web_osce folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Private\LogServer\LogServer.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Private\LogServer folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Private folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\Ntrtscan.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OfcDog_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OfcPfwCommon_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OfcPIPC_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OfcPlugInAPI_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OfcPlugInMain_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OfcPluginTray_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\OSCETSCLog_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\PccNt.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\Pwd_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\TimeString_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\tmdbg20_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\TmdShell_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\TmOPP_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\WerAgent_64x.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64\zlibwapi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64\x64 folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Win64 folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\ncfg.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\tdiins.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\tmfilter.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\tmpreflt.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\tmtdi.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\tmtdi.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\TmXPFlt.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\TM_CFW.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\TM_CFW.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64\vsapiNT.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\x64 folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\ncfg.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tdiins.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmcomm.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmcomm.inf deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmcomm.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmfilter.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\TmFilter.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmpreflt.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmtdi.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\tmtdi.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\TmXPFlt.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\TM_CFW.cat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\TM_CFW.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv\vsapiNT.sys deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Drv folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\data1.cab deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\data1.hdr deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\data2.cab deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\install.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\ISSetup.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\layout.bin deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\OfcScan.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\setup.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\setup.inx deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\SETUP.ISS deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\setup.pdf deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1\_Setup.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Disk1 folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\AosUImanager.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\CNTAoSMgr.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\CNTAoSUnInstaller.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\DWIoTrapNT.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\HosFAlt.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\HosFErr.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\INETWH32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\L10nTmpx.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\libNetCtrl.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\libTmCAV.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\loadhttp.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\LogServer.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\NTRmv.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcDog.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcDog.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPfw2.dat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPfwCommon.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPfwSvc.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPfwSvc.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPIPC.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPlugInAPI.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPlugInMain.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcPluginTray.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OfcTmProxy.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\OsceProt.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\PccNT.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\PccNTMon.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\PccNTUpd.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\PccWFWMo.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\PDPAlt.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\Pwd.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\SpywareResource.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\tmCfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\tmdbg.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmdShell.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\tmHash.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmListen.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmOPP.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmOpp.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmPac.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmpeUrlF.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmPfw.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmPfw.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmPfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmPfwLog.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmPfwRul.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmphHttp.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmProxy.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmProxy.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmProxy.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmProxy.reg deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmpxCfg.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmpxHelp.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmsmHttp.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\TmSock.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\tmtdi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\tmufeng.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\ULicense.bin deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UNINSTNT.INI deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UpdGuide.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\Upgrade.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\URLAList.dat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\URLBList.dat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\URLCateg.dat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\URLfAlt.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UrlFDnsS.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UrlFErr.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UrlFPhis.htm deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\URLGroup.dat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UServer.bin deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\UVid.bin deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\WerAgent.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common\XPUpg.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Common folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\AOSHTML.zip deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\ClientHelp.zip deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\NTMonRes.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\ntreg.reg deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\NTRmvRC.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\NTRtScan.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\NTSvcRes.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\PccNTRes.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\Readme.txt deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\SvcMgr.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\tmtdi.inf deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\TM_CFW.inf deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT\TM_CFWMP.inf deleted successfully.
C:\RAD7DBC.tmp\INSTALL\PCCNT folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\x64\ssapi64.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\x64\Tsc64.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\x64\Vsapi64.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\x64\vstlib64.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\x64 folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\BPMNT.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\MEMBOOT.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\ssapi32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\tmCfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\TmEngDrv.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\tmHash.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\tmPfw.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\tmPfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\tmPfwLog.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\tmPfwRul.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\Vsapi32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\VScanWin32.Com deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine\vstlib32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Engine folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Download\OfcPfw2.dat deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Download folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\Ap95.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\AP954W.INI deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\APDOS4W.INI deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\ApNT.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\APNT4W.INI deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\ApNT_IA64.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\ApNT_X64.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\AUTOPCC.INI deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg\Update.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.cfg folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\aucomp.xml deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\ciussi32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\Instreg.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\loadhttp.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\OSCETSCLog.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\PATCH.EXE deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\patchbld.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\patchw32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\TimeString.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmdbg20.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmun deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmuninst.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmuninst.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmuninst.ptn deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmuninst_as.ptn deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tmun_as deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\TmUpdate.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\TSC.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\tsc.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\TSC.ptn deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\unzip.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN\ZLib.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ADMIN folder deleted successfully.
C:\RAD7DBC.tmp\INSTALL\alert.msg deleted successfully.
C:\RAD7DBC.tmp\INSTALL\alertAS.msg deleted successfully.
C:\RAD7DBC.tmp\INSTALL\alertcfw.msg deleted successfully.
C:\RAD7DBC.tmp\INSTALL\alertWSR.msg deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopcc.MSG deleted successfully.
C:\RAD7DBC.tmp\INSTALL\Autopccp.exe deleted successfully.
C:\RAD7DBC.tmp\INSTALL\DelayRun.up deleted successfully.
C:\RAD7DBC.tmp\INSTALL\OfcPfwCommon.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\OfcScan.ini.orig deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ous.ini deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ssapiptn.da5 deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ssaptn.527 deleted successfully.
C:\RAD7DBC.tmp\INSTALL\tmblack.106 deleted successfully.
C:\RAD7DBC.tmp\INSTALL\tmCfwApi.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\tmf10264.ptn deleted successfully.
C:\RAD7DBC.tmp\INSTALL\tmwhite.219 deleted successfully.
C:\RAD7DBC.tmp\INSTALL\VSAPI32.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL\ZLib.dll deleted successfully.
C:\RAD7DBC.tmp\INSTALL folder deleted successfully.
C:\RAD7DBC.tmp\InstRADS.exe deleted successfully.
C:\RAD7DBC.tmp\legacy.ini deleted successfully.
C:\RAD7DBC.tmp\lpt$vpn.615 deleted successfully.
C:\RAD7DBC.tmp\profiles.ini deleted successfully.
C:\RAD7DBC.tmp\SETUP.LOG deleted successfully.
C:\RAD7DBC.tmp\uninst.dll deleted successfully.
C:\RAD7DBC.tmp\UpdNow.dll deleted successfully.
C:\RAD7DBC.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 Days]
[Empty Temp Folders]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 209382218 bytes
->Temporary Internet Files folder emptied: 17355414 bytes
->Java cache emptied: 42407503 bytes
->FireFox cache emptied: 75242664 bytes
->Google Chrome cache emptied: 63371360 bytes
->Flash cache emptied: 1224321 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95876901 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 23136620 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 24686852 bytes
RecycleBin emptied: 645461 bytes

Total Files Cleaned = 528.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.38.1 fix logfile created on 10092010_190027

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\hsperfdata_SYSTEM\2088 not found!

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:34 PM, on 3/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\V0500Mon.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: Shell=
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] "C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4" -"http://owl6.cengagelearning.com/owl-c/quiz_engine/exapp.cgi?ID=20976&SecureID=916167911&Server=owl-raritanvalleymoore2egenche&TsActn=1228427747&datasrc=OwlRaritanValleyMoore2eGenChem&CourseNumber=348&SectionNumber=586&Session=220&Module=65885&TsActn=12284277470"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c98d543546c753) (gupdate1c98d543546c753) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15147 bytes


----------



## Cookiegal (Aug 27, 2003)

Can you give me some samples of file names in the following folder? It's unusual to have a Temp folder in this location:

C:\Program Files\Temp


----------



## jpiarull (Aug 23, 2010)

It's empty, I just clicked it and opened it.


----------



## jpiarull (Aug 23, 2010)

I did do that previously, still showing up?


----------



## jpiarull (Aug 23, 2010)

Bump


----------



## Cookiegal (Aug 27, 2003)

Sorry, I never received a notification of your reply.

Are you still having problems? If so, please let me know what they are.


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> Can you give me some samples of file names in the following folder? It's unusual to have a Temp folder in this location:
> 
> C:\Program Files\Temp


This folder was empty when you asked me what was in it. Also, you wanted me to delete the AOL downloads Triton Suite file manually; I had done that earlier in the thread.


----------



## Cookiegal (Aug 27, 2003)

Are you still having the problem with flash? Are you sure you have the latest version installed?

Go to the following link and tell me what version it says it is.

http://www.adobe.com/software/flash/about/


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> Are you still having the problem with flash? Are you sure you have the latest version installed?
> 
> Go to the following link and tell me what version it says it is.
> 
> http://www.adobe.com/software/flash/about/


Says I have 10.1.85.3, can't get videos to load on sports websites primarily. Some websites like youtube and hulu work, not espn or nfl, what should I do?


----------



## Cookiegal (Aug 27, 2003)

Are you allowing the sites in question to store data on your machine? Some sites won't work if that's denied.


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> Are you allowing the sites in question to store data on your machine? Some sites won't work if that's denied.


Usually I allow unlimited data for sites, and I know it's enabled for data storage for the sites in question.


----------



## Cookiegal (Aug 27, 2003)

What was the file that Trend identified as a trojan initially? Can you check the logs please?

Also, please post a new HijackThis log.


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> What was the file that Trend identified as a trojan initially? Can you check the logs please?
> 
> Also, please post a new HijackThis log.


I don't know if I have the original logs because I deleted TMIS for Kaspersky since I had a paid license left on the cd for KIS2010. *"Trojan: TROJ_GEN.R47E1H6"* is what the program identified it as; I of course cannot find the log with it. You're probably gonna yell at me for that and now we're back at square one, as Kaspersky picked a _new_ trojan, Trojan program Exploit.Linux.Lotoor.d. I did manage to save _that_ log, as well as a new HijackThis log. Adobe flash I'll worry about later on until this friggin' thing is fixed...


----------



## Cookiegal (Aug 27, 2003)

Please do not attach the logs unless requested to do so.

Please download *MBRCheck.exe* to your desktop.

Be sure to disable your security programs prior to running the tool. 
Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
_(Vista and Windows 7 users will have to confirm the UAC prompt)_
A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press *N* then press *Enter*.
Press *Enter* again to exit the program.
If nothing unusual is found, you will be shown the machine MBR status. Just press *Enter* to exit.
A text file named *MBRCheck_mm.dd.yy_hh.mm.ss* should appear on your desktop. Please post the contents of that file.


----------



## jpiarull (Aug 23, 2010)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ECS
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GC671AA-ABA a6130n
Logical Drives Mask: 0x0000041c

Kernel Drivers (total 161):
0x8260A000 \SystemRoot\system32\ntkrnlpa.exe
0x829C3000 \SystemRoot\system32\hal.dll
0x80600000 \SystemRoot\system32\kdcom.dll
0x80607000 \SystemRoot\system32\PSHED.dll
0x80618000 \SystemRoot\system32\BOOTVID.dll
0x80620000 \SystemRoot\system32\CLFS.SYS
0x80661000 \SystemRoot\system32\CI.dll
0x80741000 \SystemRoot\system32\drivers\klbg.sys
0x8074E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807CA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A407000 \SystemRoot\system32\drivers\acpi.sys
0x8A44D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A456000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A45E000 \SystemRoot\system32\drivers\pci.sys
0x8A485000 \SystemRoot\System32\drivers\partmgr.sys
0x8A494000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A497000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A4A1000 \SystemRoot\system32\drivers\volmgr.sys
0x8A4B0000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A4FA000 \SystemRoot\system32\drivers\pciide.sys
0x8A501000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A50F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A51F000 \SystemRoot\system32\drivers\atapi.sys
0x8A527000 \SystemRoot\system32\drivers\ataport.SYS
0x8A545000 \SystemRoot\system32\drivers\nvstor32.sys
0x8A562000 \SystemRoot\system32\drivers\storport.sys
0x8A5A3000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A5D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A5E5000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A607000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A678000 \SystemRoot\system32\drivers\ndis.sys
0x8A783000 \SystemRoot\system32\drivers\msrpc.sys
0x8A7AE000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A80B000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB11000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB4A000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB52000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8AB68000 \SystemRoot\System32\Drivers\mup.sys
0x8AB77000 \SystemRoot\System32\drivers\ecache.sys
0x8AB9E000 \SystemRoot\system32\drivers\disk.sys
0x8ABAF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABD0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A92D000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A936000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8A946000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A950000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A98E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A99D000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8FE05000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FE2F000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0x8FF31000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FFE6000 \SystemRoot\system32\drivers\modem.sys
0x8A9E9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8A7E9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9020B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90298000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x90398000 \SystemRoot\system32\drivers\Afc.sys
0x903A0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x903B8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x90401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90E7F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90E81000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90F22000 \SystemRoot\System32\drivers\watchdog.sys
0x90F2E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90F5D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90F68000 \SystemRoot\System32\Drivers\RootMdm.sys
0x90F70000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90F87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90F92000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90FB5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90FC4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90FD8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90FED000 \SystemRoot\System32\Drivers\PdiPorts.sys
0x90FF0000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x903BE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x903CE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x903D9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90FF7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x903E4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x903EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91202000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91237000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91402000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91639000 \SystemRoot\system32\drivers\portcls.sys
0x91666000 \SystemRoot\system32\drivers\drmk.sys
0x9168B000 \SystemRoot\system32\DRIVERS\klif.sys
0x916DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x916E5000 \SystemRoot\System32\Drivers\Null.SYS
0x916EC000 \SystemRoot\System32\Drivers\Beep.SYS
0x9170F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91716000 \SystemRoot\System32\drivers\vga.sys
0x91722000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91743000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9174B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91753000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9175E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9176C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91775000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9178B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x917BD000 \SystemRoot\system32\DRIVERS\smb.sys
0x91802000 \SystemRoot\system32\DRIVERS\kl1.sys
0x91D22000 \SystemRoot\system32\drivers\afd.sys
0x91D6A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91D80000 \SystemRoot\system32\DRIVERS\klim6.sys
0x91D87000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91D95000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91DA8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91DE4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x917D1000 \SystemRoot\System32\Drivers\dfsc.sys
0x91248000 \SystemRoot\system32\drivers\archlp.sys
0x91DEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x917E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91DF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x916F3000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x91266000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91273000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x9127D000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x9129A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91707000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x912B1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x917F8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x912BA000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x912C2000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x912CB000 \SystemRoot\system32\DRIVERS\V0500Vid.sys
0x91309000 \SystemRoot\system32\drivers\usbaudio.sys
0x9131B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9B400000 \SystemRoot\System32\win32k.sys
0x91330000 \SystemRoot\System32\drivers\Dxapi.sys
0x9133A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B620000 \SystemRoot\System32\TSDDD.dll
0x9B640000 \SystemRoot\System32\cdd.dll
0x91349000 \SystemRoot\system32\drivers\luafv.sys
0xA140B000 \SystemRoot\system32\drivers\spsys.sys
0xA14BB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA14CB000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA14D5000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA14DF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA14F2000 \SystemRoot\system32\drivers\HTTP.sys
0xA155F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA157C000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA1595000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA15AA000 \SystemRoot\system32\drivers\mrxdav.sys
0xA15CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9136C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x913A5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x913BD000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2E0C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2E5A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2E5E000 \SystemRoot\system32\drivers\peauth.sys
0xA2F3C000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2F46000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2F52000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2F5A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2F70000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2FBF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA2FC8000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA2FD5000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x77160000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
548 C:\Windows\System32\smss.exe
620 csrss.exe
672 C:\Windows\System32\wininit.exe
680 csrss.exe
716 C:\Windows\System32\services.exe
756 C:\Windows\System32\lsass.exe
768 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
940 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1312 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\SLsvc.exe
1360 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\spoolsv.exe
1760 C:\Windows\System32\svchost.exe
1964 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2008 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
2020 C:\Program Files\Bonjour\mDNSResponder.exe
352 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1280 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1468 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
1432 C:\Windows\System32\svchost.exe
1832 C:\Program Files\VERIZONDM\bin\sprtsvc.exe
1612 C:\Windows\System32\svchost.exe
2056 C:\Program Files\VERIZONDM\bin\tgsrvc.exe
2468 C:\Windows\System32\svchost.exe
2552 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
2952 C:\Windows\System32\dwm.exe
3016 C:\Windows\explorer.exe
3028 C:\Windows\System32\taskeng.exe
3168 C:\Windows\System32\taskeng.exe
3456 C:\Windows\System32\java.exe
1296 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2256 C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
2524 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3056 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
3952 C:\Program Files\VERIZONDM\bin\sprtcmd.exe
3948 C:\Program Files\Logitech\SetPointP\SetPoint.exe
2708 C:\Program Files\iTunes\iTunesHelper.exe
3792 C:\Windows\System32\svchost.exe
3588 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
3612 C:\Program Files\iPod\bin\iPodService.exe
4904 C:\hp\KBD\kbd.exe
2824 C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
4344 C:\Users\user\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2480 C:\Program Files\Motorola Media Link\NServiceEntry.exe
3324 C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
1616 C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
5728 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
5816 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
4676 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
5628 C:\Windows\System32\SearchIndexer.exe
5692 C:\Windows\System32\SearchProtocolHost.exe
4452 C:\Windows\System32\SearchFilterHost.exe
1804 dllhost.exe
5256 dllhost.exe
4020 C:\Users\user\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005a`f4a40c00 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3400820AS, Rev: 3.AH
PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: A16EF68870D2ED162DDA2E379D2960A80789C94E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!


----------



## Cookiegal (Aug 27, 2003)

Can you tell me what would normally appear as your K drive? Is that an external or flash drive?


----------
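
The question above follows from the tail of the MBRCheck log: the disk reported as "RE: Unknown MBR code" is PhysicalDrive1, and the volume map puts K: on it. As an added example (not part of the thread and not MBRCheck's own code), this Python sketch makes that correlation on an excerpt of the posted log; the class and function names are made up for illustration, and it assumes 512-byte sectors and only the status strings seen in this log.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the MBRCheck log posted in this thread, in its extracted layout.
SAMPLE_LOG = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005a`f4a40c00 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3400820AS, Rev: 3.AH
PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: A16EF68870D2ED162DDA2E379D2960A80789C94E
"""

SECTOR = 512  # assumption: 512-byte sectors
PREFIX = "PhysicalDrive"

VOLUME_RE = re.compile(
    r"^\\\\\.\\(?P<letter>[A-Z]):\s+-->\s+\\\\\.\\(?P<disk>PhysicalDrive\d+)"
    r"\s+at offset\s+(?P<offset>0x[0-9A-Fa-f`]+)\s+\((?P<fs>[^)]*)\)\s*$")
MODEL_RE = re.compile(
    r"^(?P<disk>PhysicalDrive\d+) Model Number:\s*(?P<model>.*?), Rev:")
STATUS_RE = re.compile(
    r"^(?P<size>\d+\s+[KMGT]B)\s+\\\\\.\\(?P<disk>PhysicalDrive\d+)"
    r"\s+(?P<status>.*\S)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


@dataclass
class Volume:
    letter: str
    offset: int   # byte offset of the volume on its physical disk
    fs: str

    @property
    def start_sector(self):
        return self.offset // SECTOR


@dataclass
class Disk:
    name: str
    size: str = ""
    model: str = ""
    status: str = ""
    sha1: str = ""
    volumes: list = field(default_factory=list)

    @property
    def letters(self):
        return sorted(v.letter for v in self.volumes)

    @property
    def verdict(self):
        # "unrecognized": the tool could not match the boot code to anything
        # it knows, so the hash needs a manual look (the log's own wording is
        # "non-standard or infected"). "named": the tool attached a label;
        # read the label itself, this script does not judge it.
        if "unknown mbr code" in self.status.lower():
            return "unrecognized"
        return "named" if self.status else "no status"


def parse_mbrcheck(text):
    """Return one Disk per physical drive, with its volumes and MBR status."""
    disks = {}
    pending = None  # disk whose SHA1 line is expected next

    def disk(name):
        return disks.setdefault(name, Disk(name))

    for raw in text.splitlines():
        line = raw.strip()
        if m := VOLUME_RE.match(line):
            # The offset is printed as two 32-bit halves joined by a backtick.
            offset = int(m["offset"].replace("`", ""), 16)
            disk(m["disk"]).volumes.append(Volume(m["letter"], offset, m["fs"]))
        elif m := MODEL_RE.match(line):
            disk(m["disk"]).model = m["model"]
        elif m := STATUS_RE.match(line):
            pending = disk(m["disk"])
            pending.size, pending.status = m["size"], m["status"]
        elif (m := SHA1_RE.match(line)) and pending is not None:
            pending.sha1 = m["sha1"].upper()
            pending = None
    return sorted(disks.values(), key=lambda d: int(d.name[len(PREFIX):]))


def needs_review(text):
    """Disks with unrecognized MBR code, with the drive letters on them."""
    return [(d.name, d.letters) for d in parse_mbrcheck(text)
            if d.verdict == "unrecognized"]


if __name__ == "__main__":
    for d in parse_mbrcheck(SAMPLE_LOG):
        print(f"{d.name} ({d.model}, {d.size}) letters={d.letters} "
              f"verdict={d.verdict} sha1={d.sha1}")
```
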



## jpiarull (Aug 23, 2010)

Yeah, I believe that's my external Seagate, 1 TB USB.


----------



## Cookiegal (Aug 27, 2003)

Please insert the external drive and then do the following:

I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzip it and double click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.


----------



## jpiarull (Aug 23, 2010)

Here's what it has, nothing impressive to boot.


----------



## Cookiegal (Aug 27, 2003)

Please run OTS again as per the instructions in post no. 24 and upload the log as an attachment.


----------



## jpiarull (Aug 23, 2010)

Here's the OTS logfile.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> [Reg Error: Value error.]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. []
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## jpiarull (Aug 23, 2010)

All Processes Killed
No active process named Explorer.EXE was found!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
[Empty Temp Folders]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 103665799 bytes
->Temporary Internet Files folder emptied: 17820566 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 224583258 bytes
->Google Chrome cache emptied: 6997698 bytes
->Flash cache emptied: 7331 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172341 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 337.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.38.1 fix logfile created on 10272010_182145

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\hsperfdata_SYSTEM\712 not found!

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:04 PM, on 10/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c98d543546c753) (gupdate1c98d543546c753) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11239 bytes


----------



## Cookiegal (Aug 27, 2003)

Are you still having problems?


----------



## jpiarull (Aug 23, 2010)

With Flash, yes. I've tried making the settings for data unlimited, and video/audio does not work for certain websites (ESPN, MLB, NFL, to name a few), yet YouTube, Hulu, and other video sites do work. I've tried uninstalling and reinstalling Flash, to no avail. Some other issue cannot be easily solved I guess?


----------



## Cookiegal (Aug 27, 2003)

Go to Start and in the Search box type *Event Viewer* and in the results that come up double-click *Event Viewer*.

Look under both Application and System and copy and paste any errors that appear in red for the past 24-48 hours please.

Double-click an error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Cookiegal (Aug 27, 2003)

jpiarull said:


> Some other issue cannot be easily solved I guess?


Which issue?


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> Which issue?


I was referring to the flash problem as an issue maybe that's more serious than I thought. Here's what Event Viewer conjured up.

Log Name: Application
Source: Application Error
Date: 10/27/2010 8:32:12 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
Faulting application plugin-container.exe, version 2.0.0.3909, time stamp 0x4c8fa6ca, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000005, fault offset 0x00048b02, process id 0x1708, application start time 0x01cb76350b231d4c.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-10-28T00:32:12.000Z" />
<EventRecordID>90250</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
plugin-container.exe
2.0.0.3909
4c8fa6ca
ntdll.dll
6.0.6002.18005
49e03821
c0000005
00048b02
1708
01cb76350b231d4c
</EventData>
</Event>

Log Name: Application
Source: Application Error
Date: 10/27/2010 8:32:06 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
Faulting application firefox.exe, version 2.0.0.3909, time stamp 0x4c8fa718, faulting module mozalloc.dll, version 2.0.0.3909, time stamp 0x4c8f9673, exception code 0x80000003, fault offset 0x00001a19, process id 0x1040, application start time 0x01cb76350276135c.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-10-28T00:32:06.000Z" />
<EventRecordID>90249</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
firefox.exe
2.0.0.3909
4c8fa718
mozalloc.dll
2.0.0.3909
4c8f9673
80000003
00001a19
1040
01cb76350276135c
</EventData>
</Event>

Log Name: Application
Source: Application Error
Date: 10/24/2010 6:56:57 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
Faulting application plugin-container.exe, version 2.0.0.3909, time stamp 0x4c8fa6ca, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000005, fault offset 0x00048b02, process id 0xde8, application start time 0x01cb72d824f92fe0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-10-24T22:56:57.000Z" />
<EventRecordID>90169</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
plugin-container.exe
2.0.0.3909
4c8fa6ca
ntdll.dll
6.0.6002.18005
49e03821
c0000005
00048b02
de8
01cb72d824f92fe0
</EventData>
</Event>


----------



## Cookiegal (Aug 27, 2003)

Do you have the flash problem only with Firefox? Have you tried IE?


----------



## jpiarull (Aug 23, 2010)

I tried IE and Chrome to no avail.


----------



## Cookiegal (Aug 27, 2003)

Which sites are you having problems with?


----------



## jpiarull (Aug 23, 2010)

ESPN.com, NFL.com, MLB.com, just those 3, no other sites.


----------



## Cookiegal (Aug 27, 2003)

Can you point me to some videos on those sites that you can't view?

What happens when you try to view them?


----------



## jpiarull (Aug 23, 2010)

On MLB, I click play button, video box goes blank, just a black rectangle, on NFL, player tries to load and says "video will start shortly", never plays when I wait or refresh page, on ESPN, same deal as mlb.com, click play button and blank, black box.


----------



## Cookiegal (Aug 27, 2003)

But where are the videos? Can you post links please?


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> But where are the videos? Can you post links please?


On ESPN.com, this is the homepage and has autoplay on multimedia content defaults to Randy Moss being waived by Minnesota, http://espn.go.com/.
On MLB.com, on its homepage, I click the 1st video I see on world series matchup b/t San Francisco and Texas, click play button, box pops out, video does not play, http://mlb.mlb.com/index.jsp.
On NFL.com, I click 1st video I see on the homepage, does not play, blank, black box, http://www.nfl.com/.


----------



## jpiarull (Aug 23, 2010)

Bump


----------



## Cookiegal (Aug 27, 2003)

Please remove ComboFix by dragging it to the Recycle Bin and grab the latest version, run a new scan and post that log.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.


----------



## jpiarull (Aug 23, 2010)

Cookiegal said:


> Please remove ComboFix by dragging it to the Recycle Bin and grab the latest version, run a new scan and post that log.
> 
> Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.
> 
> ...


Here's the ComboFix Log.

ComboFix 10-11-03.04 - user 11/04/2010 17:02:54.2.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.1028 [GMT -4:00]
Running from: c:\users\user\Desktop\Puppy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ST6UNST.000

.
((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-04 21:14 . 2010-11-04 21:14 -------- d-----w- c:\users\user\AppData\Local\temp
2010-11-04 21:14 . 2010-11-04 21:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-04 21:14 . 2010-11-04 21:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-04 21:14 . 2010-11-04 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-27 02:47 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 02:47 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 02:47 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-20 20:48 . 2010-10-20 20:48 -------- d-----w- c:\windows\en
2010-10-20 20:47 . 2010-09-23 04:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-20 20:43 . 2010-10-20 20:43 -------- d-----w- c:\program files\MSN Toolbar
2010-10-20 20:43 . 2010-10-20 20:43 -------- d-----w- c:\program files\Bing Bar Installer
2010-10-20 20:42 . 2010-10-20 20:42 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\4d7551d01cb70972c\InstallManager_WLE_WLE.exe
2010-10-20 20:42 . 2010-10-20 20:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f2a43101cb70971f\MeshBetaRemover.exe
2010-10-20 20:41 . 2010-10-20 20:41 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\317273a01cb709718\DSETUP.dll
2010-10-20 20:41 . 2010-10-20 20:41 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\317273a01cb709718\DXSETUP.exe
2010-10-20 20:41 . 2010-10-20 20:41 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\317273a01cb709718\dsetup32.dll
2010-10-20 20:41 . 2010-10-20 20:41 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2faa0fb01cb709717\DSETUP.dll
2010-10-20 20:41 . 2010-10-20 20:41 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2faa0fb01cb709717\DXSETUP.exe
2010-10-20 20:41 . 2010-10-20 20:41 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2faa0fb01cb709717\dsetup32.dll
2010-10-20 20:40 . 2010-10-20 20:40 -------- d-----w- c:\users\user\AppData\Local\Windows Live
2010-10-20 20:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-14 02:12 . 2010-10-14 02:18 -------- d-----w- c:\users\user\AppData\Roaming\GARMIN
2010-10-14 02:12 . 2010-10-14 02:12 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-10-14 02:12 . 2010-10-14 02:12 -------- d-----w- c:\program files\DIFX
2010-10-14 02:11 . 2010-10-14 02:11 -------- d-----w- c:\program files\Garmin
2010-10-13 13:15 . 2010-09-08 06:02 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-10-09 23:00 . 2010-10-09 23:00 -------- d-----w- C:\_OTS
2010-10-09 15:05 . 2010-10-09 15:05 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-20 03:21 . 2010-09-20 03:21 53248 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-20 03:21 . 2010-09-20 03:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-09-20 02:36 . 2007-04-25 18:52 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 02:47 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 02:47 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 02:47 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 02:47 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 20:42 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 20:40 . 2010-08-16 20:40 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-13 340520]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-07-20 206120]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-8-1 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-31 10:46 135664 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 14:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 19:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2009-02-05 20:48  364544 ----a-w- c:\windows\System32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98d543546c753;Google Update Service (gupdate1c98d543546c753);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2008-12-11 2329440]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-02-19 127744]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-05-27 87336]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-03 202048]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2010-07-20 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2010-07-20 185640]
S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\DRIVERS\V0500Vid.sys [2007-11-01 251264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-25 15:28]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 20:55]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 20:55]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-03 10:46]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2882603163-3867760204-3722990054-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-03 10:46]

2010-10-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-09-20 12:25]

2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{F93FA5A8-3ACC-482F-AE8C-6BB187D18A2A}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uk0mt48y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxps://lumserve.raritanval.edu/cp/home/displaylogin
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uk0mt48y.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 17:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2882603163-3867760204-3722990054-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*E*A*R*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2882603163-3867760204-3722990054-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,eb,d2,d1,ec,21,f7,1f,40,fa,2c,88,46,2a,af,93,bd,8e,8d,28,e8,
0e,3c,f4,28,81,e0,8d,18,c0,f1,90,d6,7b,43,32,39,b7,61,2e,af,62,65,b3,72,c4,\
"rkeysecu"=hex:e9,3b,42,23,ce,53,e2,d0,67,eb,37,bd,1c,95,18,b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3b1740d6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&3b1740d6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&12345678&02&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&12345678&02&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&UID512\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2a5ce121&0&UID512\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2647\4&3b1740d6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP2647\4&3b1740d6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\4&3b1740d6&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\4&3b1740d6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\4&3b1740d6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID33554704\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A7\5&2a5ce121&0&UID33554704\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2010-11-04 17:17:35
ComboFix-quarantined-files.txt 2010-11-04 21:17
ComboFix2.txt 2010-09-17 20:46

Pre-Run: 40,767,291,392 bytes free
Post-Run: 40,706,502,656 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 5CA48D21FB83DD550981EA47283E78CF

Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:28 PM, on 11/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\user\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Update Service (gupdate1c98d543546c753) (gupdate1c98d543546c753) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11173 bytes


----------



## Cookiegal (Aug 27, 2003)

There's a new version of Adobe Flash Player just released, so let's try the following.

First, uninstall the version you have using this uninstaller:

http://kb2.adobe.com/cps/141/tn_14157.html

Be sure to close all other windows before running it.

Then install the latest version:

http://get.adobe.com/flashplayer/

Reboot and let me know if there's any difference.


----------



## jpiarull (Aug 23, 2010)

No effect, made sure it allowed storage of websites, allowed all settings to no end. Would modifying any of the application settings for Firefox in certain multimedia apps help in this case?


----------



## Cookiegal (Aug 27, 2003)

I doubt it if you're having the same problem with other browsers as well. That is still the case?


----------



## jpiarull (Aug 23, 2010)

That continues to be the case, should I just forget it and not bother with it?


----------



## Cookiegal (Aug 27, 2003)

jpiarull said:


> That continues to be the case, should I just forget it and not bother with it?


If you were able to watch these videos before then you should still be able to. Are there other user accounts on this computer? If so, try logging into one of them and see if they have the same problem. If not, perhaps create a new one and see if the problem persists.


----------



## jpiarull (Aug 23, 2010)

Tried that, did not work, I just don't understand why it would be affected for those 3 sites, yet everything else works...


----------



## Cookiegal (Aug 27, 2003)

All I can think of at this point is that one of your security programs, add-ons or plugins is blocking them.


----------

