I Want My Computer Back


Recommended Posts

Hi. I've been away from the whole best techie thing for quite sometime. I was hoping that someone would be able to help me in my endeavors. I have windows vista. I've ran through things here before but i never got to finish the whole thing. So I'm going to copy my previous reports and my virus log as well.

Symptoms-

1. Whenever I go to certain websites the windows will turn white like it won't respond and then my internet explorer will restart itself. Megaupload.com is where I have the problem.

2. I can't seem to install the sevice pack 1 update either. ( Strange )

3. Overall slow performance after I ran Kapersky (Even Stranger )

Heres is the logs for my previous run through this.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:27:23 AM, on 12/19/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

C:\Windows\System32\rundll32.exe

C:\hp\kbd\kbd.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: TBSB02751 - {25875464-7327-417C-8264-902D99CF6FD1} - C:\Program Files\Search Enhancer Toolbar\NCL.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Search Enhancer Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Search Enhancer Toolbar\NCL.dll

O3 - Toolbar: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

O13 - Gopher Prefix:

O15 - Trusted Zone: www.factoryfiles.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe

O23 - Service: afisicx Corporation inc. (afisicx) - Unknown owner - C:\Windows\system32\afisicx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\Windows\system32\mabidwe.exe

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\Windows\system32\macidwe.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\Windows\system32\msmsn.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\Windows\system32\Nobicyt.exe

O23 - Service: noxtcyr Event propagation service (noxtcyr) - Unknown owner - C:\Windows\system32\noxtcyr.exe

O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\Windows\system32\noytcyr.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: perfmons - Unknown owner - C:\Windows\system32\perfs.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\Windows\system32\roxtctm.exe

O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\Windows\system32\roytctm.exe

O23 - Service: sobicyt - Unknown owner - C:\Windows\system32\sobicyt.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: sotpeca Corporation inc. (sotpeca) - Unknown owner - C:\Windows\system32\sotpeca.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\Windows\system32\soxpeca.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\Windows\system32\tdxdowkc.exe

O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\Windows\system32\tdydowkc.exe

O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

O23 - Service: wsldoekd Manages messages (wsldoekd) - Unknown owner - C:\Windows\system32\wsldoekd.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11035 bytes

ComboFix 08-12-18.03 - KAGE 2008-12-19 13:29:28.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.267 [GMT -5:00]

Running from: c:\users\KAGE\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Search Enhancer Toolbar

c:\program files\Search Enhancer Toolbar\NCL.dll

c:\windows\Install.txt

c:\windows\system32\afinding.exe

c:\windows\system32\afisicx.exe

c:\windows\system32\atsxyzd.sys

c:\windows\system32\comsa32.sys

c:\windows\system32\mabidwe.exe

c:\windows\system32\macidwe.exe

c:\windows\system32\msansspc.dll

c:\windows\system32\Nobicyt.exe

c:\windows\system32\noxtcyr.exe

c:\windows\system32\noytcyr.exe

c:\windows\system32\perfs.exe

c:\windows\system32\routing.exe

c:\windows\system32\roxtctm.exe

c:\windows\system32\roytctm.exe

c:\windows\system32\sobicyt.exe

c:\windows\system32\sotpeca.exe

c:\windows\system32\soxpeca.exe

c:\windows\system32\tdxdowkc.exe

c:\windows\system32\tdydowkc.exe

c:\windows\system32\tpszxyd.sys

c:\windows\system32\udxfytw.sys

c:\windows\system32\WServing.exe

c:\windows\system32\wsldoekd.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_AFinding

-------\Service_afisicx

-------\Service_mabidwe

-------\Service_macidwe

-------\Service_NOBICYT

-------\Service_noxtcyr

-------\Service_noytcyr

-------\Service_perfmons

-------\Service_Routing

-------\Service_roxtctm

-------\Service_roytctm

-------\Service_sobicyt

-------\Service_sotpeca

-------\Service_soxpeca

-------\Service_tdxdowkc

-------\Service_tdydowkc

-------\Service_WServing

-------\Service_wsldoekd

((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))

.

2008-12-19 08:41 . 2008-12-11 20:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-12 03:02 . 2008-10-21 18:31 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-11 14:28 . 2008-10-31 18:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-11 14:28 . 2008-10-31 22:33 1,687,040 --a------ c:\windows\System32\gameux.dll

2008-12-11 14:28 . 2008-10-31 22:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-11 14:01 . 2008-10-21 00:16 297,472 --a------ c:\windows\System32\gdi32.dll

2008-12-11 13:59 . 2008-10-29 01:20 2,923,520 --a------ c:\windows\explorer.exe

2008-12-06 13:37 . 2008-12-06 14:06 <DIR> d-------- c:\program files\PSP_Blender

2008-12-06 13:37 . 2008-12-06 13:37 <DIR> d-------- c:\program files\Conduit

2008-11-30 18:35 . 2008-11-30 18:35 <DIR> d-------- c:\program files\Trend Micro

2008-11-30 15:05 . 2008-11-30 15:05 24 --a------ c:\windows\System32\Drv32_16.ini

2008-11-30 15:04 . 2008-11-30 15:04 <DIR> d-------- c:\program files\PolderbitS

2008-11-30 15:04 . 2008-11-30 15:04 345,616 --a------ c:\windows\System32\PbsAuDrvPropPage_uk.dll

2008-11-30 15:04 . 2008-11-30 15:04 106,768 --a------ c:\windows\System32\drivers\pbsaudrv.sys

2008-11-25 22:40 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-25 22:40 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-25 22:40 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-25 22:20 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-25 22:20 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-25 22:20 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2008-11-25 22:20 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-19 18:26 6,736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS

2008-12-17 23:00 --------- d-----w c:\program files\Norton Security Scan

2008-12-17 07:25 --------- d-----w c:\users\KAGE\AppData\Roaming\uTorrent

2008-12-12 08:18 174 --sha-w c:\program files\desktop.ini

2008-12-12 08:13 --------- d-----w c:\program files\Windows Mail

2008-11-30 23:25 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-05 01:44 318 ----a-w c:\users\KAGE\AppData\Roaming\wklnhst.dat

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2007-03-27 22:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-03-27 22:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-03-27 22:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}"= "c:\program files\PSP_Blender\tbPSP_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}]

2008-11-23 23:03 1784856 --a------ c:\program files\PSP_Blender\tbPSP_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}"= "c:\program files\PSP_Blender\tbPSP_.dll" [2008-11-23 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D7DF6AE0-D36C-4397-94EC-9F653BD4EDA4}"= "c:\program files\PSP_Blender\tbPSP_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-22 171448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"iRiver Updater"="\Updater.exe" [2004-07-01 212992]

"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 185896]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE" [2008-01-07 390568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-08-29 995328]

PolderbitS Audio Driver Monitor.lnk - c:\program files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe [2008-11-30 153104]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, msansspc.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk

backup=c:\windows\pss\HP Connections.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^KAGE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEMonitor.lnk]

path=c:\users\KAGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEMonitor.lnk

backup=c:\windows\pss\MEMonitor.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2006-10-24 16:08 107112 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 02:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

--a------ 2006-11-16 17:59 1480296 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

--a------ 2006-10-24 02:19 46728 c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-07-06 20:15 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

--a------ 2006-10-26 18:18 22696 c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-11-29 19:44 1266936 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-22 09:09 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-03-18 14:58 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{29B8D3C6-CA28-4884-83AF-0064BFC85E14}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{1854626B-BCCB-4249-842C-4F221AE1A38B}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{26DA99DD-32E6-406C-88CC-D24780D8CDD6}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{C52ACD81-B9BA-454A-8A23-F50F21F15BCA}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{4B9CBF85-2188-4C95-840E-391E426B51CE}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections

"{99163293-948E-4773-9E0D-DD7E435A323C}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{D0DEF4E2-F06C-496B-92AA-1B4EAC7D2490}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{33B05DAB-8F2E-4BCA-ABED-4EBCBA0B1EAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{61730387-55AA-47EE-871D-B5360A87C61C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{9727EAA8-00E7-48EA-9136-EBF171CFDF14}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CFD00705-484C-48A3-95AA-2BF2E898FCE0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{561FCCC8-4ACB-435D-B8DD-6B014A365085}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{63FF3013-938F-45E8-AB04-758636756562}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{443A8C79-6A8E-43B4-9BF8-2B01A68A0551}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{E5AD71F2-7EE8-40B8-9B52-37CC8ABEDD0E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{405DBE2A-E01C-4639-9080-DD698DB146CF}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{7652A2C7-8BE2-4A68-98A3-C372F86775B6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{E838D742-B5D1-452B-A370-FFA43593B6AE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{E041B6BC-D8ED-4704-8DE5-A583C3E3E13E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{7560F20C-B2F3-47C9-8F91-6710207530E2}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{9B3559D3-32B3-445E-A4FD-7BA55AD3C26F}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{C8EA727A-164C-4DFF-B71B-69B89AB06B19}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1D8B78BF-99E9-457A-BB66-75AECF48FDA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2008-08-29 20480]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-30 99376]

R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2008-11-30 106768]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2008-08-29 870400]

S2 msmsnkd;Microsoft Network Message Service;c:\windows\system32\msmsn.exe [2006-11-02 62976]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2008-08-29 21504]

S3 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-01-11 202872]

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\HPCeeScheduleForKAGE.job

- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-24 18:04]

2008-12-17 c:\windows\Tasks\Norton Security Scan for KAGE.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

- - - - ORPHANS REMOVED - - - -

BHO-{25875464-7327-417C-8264-902D99CF6FD1} - c:\program files\Search Enhancer Toolbar\NCL.dll

HKCU-Run-Aim6 - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-19 13:35:22

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2844)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\PSIService.exe

c:\windows\System32\drivers\XAudio.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\hp\KBD\kbd.exe

.

**************************************************************************

.

Completion time: 2008-12-19 13:44:41 - machine was rebooted [KAGE]

ComboFix-quarantined-files.txt 2008-12-19 18:44:22

Pre-Run: 158,386,860,032 bytes free

Post-Run: 160,847,540,224 bytes free

256 --- E O F --- 2008-12-19 13:45:30

Here's the Hijackthis log No. 2

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:59:42 PM, on 12/19/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Search Enhancer Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Search Enhancer Toolbar\NCL.dll (file missing)

O3 - Toolbar: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

O13 - Gopher Prefix:

O15 - Trusted Zone: www.factoryfiles.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\Windows\system32\msmsn.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8296 bytes

Malwarebytes' Anti-Malware 1.31

Database version: 1531

Windows 6.0.6000

12/22/2008 10:44:01 AM

mbam-log-2008-12-22 (10-44-01).txt

Scan type: Quick Scan

Objects scanned: 48322

Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 7

Memory Modules Infected: 0

Registry Keys Infected: 25

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

C:\Windows\System32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\noytcyr.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\roytctm.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\tdydowkc.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\wsldoekd.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\axloader.loader (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\axloader.loader.1 (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{326cfa75-1073-48e3-a411-221f72e8d76e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msudf.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_357243519767.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\ceswxfst.sys (RootKit.Clicker) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_215616270839.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_25050380072.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_8837160360.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\mabidwe.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\noytcyr.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\roytctm.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\soxpeca.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\tdydowkc.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\wsldoekd.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

And the OTMoveIt log.

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

Service msmsnkd stopped successfully.

Service msmsnkd deleted successfully.

========== REGISTRY ==========

========== FILES ==========

File move failed. c:\windows\system32\msmsn.exe scheduled to be moved on reboot.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\mta101312.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta107838.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta112181.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta112646.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta121808.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta46351.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta99440.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_095834

Files moved on Reboot...

c:\windows\system32\msmsn.exe moved successfully.

File C:\Windows\temp\mta101312.dll not found!

File C:\Windows\temp\mta107838.dll not found!

File C:\Windows\temp\mta112181.dll not found!

File C:\Windows\temp\mta112646.dll not found!

File C:\Windows\temp\mta121808.dll not found!

File C:\Windows\temp\mta46351.dll not found!

File C:\Windows\temp\mta99440.dll not found!

And the OTMoveIt log.

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

Service msmsnkd stopped successfully.

Service msmsnkd deleted successfully.

========== REGISTRY ==========

========== FILES ==========

File move failed. c:\windows\system32\msmsn.exe scheduled to be moved on reboot.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\mta101312.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta107838.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta112181.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta112646.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta121808.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta46351.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta99440.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_095834

Files moved on Reboot...

c:\windows\system32\msmsn.exe moved successfully.

File C:\Windows\temp\mta101312.dll not found!

File C:\Windows\temp\mta107838.dll not found!

File C:\Windows\temp\mta112181.dll not found!

File C:\Windows\temp\mta112646.dll not found!

File C:\Windows\temp\mta121808.dll not found!

File C:\Windows\temp\mta46351.dll not found!

File C:\Windows\temp\mta99440.dll not found!

Link to post
Share on other sites

Hello and Welcome to the forums. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

The reason why you didn't get a reply yet is because you bumped your thread.

We always look at the older posts first. When you bump your thread, it will be in the beginning of the list again, so you'll have to wait longer for a reply.

Anyway, please post a new HijackThislog since entries may be changed in it. Then we'll start from there...

Link to post
Share on other sites

Sorry it took so long to get back to you. I was touring a college.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:46:32 AM, on 2/2/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\mobsync.exe

C:\hp\support\hpsysdrv.exe

C:\hp\KBD\KbdStub.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Search Enhancer Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Search Enhancer Toolbar\NCL.dll (file missing)

O3 - Toolbar: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8479 bytes

Link to post
Share on other sites

Hey,

No worries, its all good.

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use multiple posts to fit it all into this topic.

Link to post
Share on other sites

Heres the pop up one.

OTViewIt logfile created on: 2/4/2009 6:29:48 PM - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\KAGE\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16764)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.94 Mb Total Physical Memory | 316.54 Mb Available Physical Memory | 35.41% Memory free

1.99 Gb Paging File | 1.24 Gb Available in Paging File | 61.92% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 226.62 Gb Total Space | 148.94 Gb Free Space | 65.72% Space Free | Partition Type: NTFS

Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.09% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KAGE-PC

Current User Name: KAGE

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2006/11/02 04:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe

[2006/11/02 04:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe

[2007/07/11 16:54:42 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe

[2006/10/24 16:08:20 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[2006/09/20 12:05:16 | 00,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[2006/09/14 07:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

[2006/10/31 05:32:10 | 00,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe

[2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe

[2006/11/02 07:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

[2006/11/02 04:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe

[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2006/11/02 04:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe

[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2006/09/28 08:42:24 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

[2006/11/09 05:57:52 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2006/09/14 07:55:52 | 00,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[2008/03/18 14:58:08 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe

[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe

[2008/01/09 18:20:24 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe

[2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe

[2009/01/09 00:41:00 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2007/06/20 12:34:32 | 00,995,328 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe

[2008/11/30 15:04:11 | 00,153,104 | ---- | M] (PolderbitS Software) -- C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

[2006/11/02 07:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe

[2005/02/02 10:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe

[2008/10/16 16:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2008/10/15 23:40:06 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe

[2008/10/15 23:42:58 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2006/11/07 12:48:18 | 00,214,688 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe

[2009/02/04 18:28:04 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\KAGE\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/09/14 07:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0 [Auto | Running])

[2006/10/31 05:32:10 | 00,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2006/10/24 16:08:20 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])

[2006/10/24 16:08:20 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])

File not found -- -- (CertPropSvc [unknown | Running])

[2006/11/02 01:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2006/10/24 16:08:20 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])

[2006/10/13 09:29:12 | 00,049,296 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])

File not found -- -- (DcomLaunch [unknown | Running])

[2006/11/02 07:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])

[2007/09/04 09:32:07 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [unknown | Running])

[2006/11/02 07:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])

[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

[2006/11/02 07:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2006/11/02 04:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [unknown | Running])

[2009/01/09 00:40:55 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2006/10/26 18:18:36 | 00,080,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])

[2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

[2006/10/31 05:32:10 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])

[2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])

[2006/11/02 08:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])

[2006/11/02 07:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])

[2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running])

[2006/11/02 04:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [unknown | Stopped])

File not found -- -- (Schedule [unknown | Running])

File not found -- -- (SCPolicySvc [unknown | Stopped])

[2007/07/11 16:54:42 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])

[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])

[2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])

[2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])

[2008/03/08 22:02:41 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])

[2006/11/01 14:58:02 | 00,078,752 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])

[2007/01/11 23:34:30 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])

[2006/09/20 12:05:16 | 00,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])

[2006/11/02 04:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])

[2006/11/02 04:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])

File not found -- -- (WdiServiceHost [unknown | Stopped])

File not found -- -- (WdiSystemHost [unknown | Running])

[2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2006/11/02 07:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

[2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

[2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

[2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

[2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

[2006/11/02 04:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])

[2006/11/02 04:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])

[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])

[2006/11/02 03:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])

[2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])

[2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

[2006/11/02 03:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])

[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])

[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])

[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])

[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])

[2006/11/02 03:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])

[2007/12/05 23:14:53 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [unknown | Running])

[2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

[2006/11/02 04:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [boot | Running])

[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])

[2006/11/02 03:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [system | Running])

[2006/11/16 13:36:18 | 00,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50 [On_Demand | Stopped])

[2006/11/16 13:36:28 | 00,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50 [On_Demand | Running])

[2007/09/04 09:32:08 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])

[2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

[2006/11/02 07:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [boot | Running])

[2008/01/20 04:00:00 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

[2008/11/20 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2006/11/02 04:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [boot | Running])

[2006/11/02 03:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])

[2006/11/02 04:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])

[2006/11/02 02:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2007/07/11 16:54:01 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])

[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])

[2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])

[2008/05/08 04:03:18 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP [On_Demand | Running])

[2008/05/08 04:05:18 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])

[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])

[2006/10/19 22:10:16 | 00,202,872 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86 [On_Demand | Stopped])

[2004/03/29 16:28:24 | 00,014,531 | ---- | M] (iRiver, Inc.) -- C:\Windows\System32\drivers\Ifp700.sys -- (IFP700 [boot | Running])

[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

[2006/11/08 14:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

[2006/11/02 03:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])

[2006/11/02 04:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

[2006/11/02 03:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])

[2006/11/02 03:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])

[2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

[2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

[2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

[2006/11/02 03:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])

[2006/06/19 08:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

[2007/12/16 04:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])

[2006/11/02 04:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])

[2007/07/11 16:56:55 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])

[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])

[2008/08/25 20:11:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])

[2007/12/12 07:18:36 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])

[2006/11/02 04:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])

[2006/11/02 04:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])

[2006/11/02 04:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [boot | Running])

[2006/11/02 04:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])

[2008/01/18 22:06:36 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])

[2006/11/05 20:00:00 | 00,079,240 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])

[2006/11/05 20:00:00 | 00,831,880 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])

[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

[2006/11/02 03:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])

[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

[2007/05/04 01:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])

[2007/07/06 20:15:00 | 07,568,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

[2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [boot | Running])

[2006/11/02 04:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])

[2008/11/30 15:04:11 | 00,106,768 | ---- | M] () -- C:\Windows\System32\drivers\pbsaudrv.sys -- (PbsAuDrv [On_Demand | Running])

[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])

[2005/12/12 11:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])

[2007/09/04 09:32:10 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])

[2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

[2006/11/02 07:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])

[2006/11/02 04:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])

[2006/11/02 03:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])

[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])

[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

[2007/12/05 21:18:26 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])

[2006/11/02 03:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])

[2006/11/02 03:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])

[2006/11/02 03:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2006/11/02 04:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])

[2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

[2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

[2006/11/02 03:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])

[2006/10/06 08:26:16 | 00,406,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])

[2006/11/02 04:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])

[2006/11/03 12:22:56 | 00,245,880 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Stopped])

[2006/11/03 12:23:02 | 00,275,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])

[2006/11/03 12:23:00 | 00,024,184 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [system | Running])

[2007/12/12 07:18:30 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])

[2007/12/12 07:18:30 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])

[2005/08/17 06:45:00 | 00,058,352 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2005/08/17 06:46:20 | 00,008,272 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2005/08/17 06:46:26 | 00,093,872 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2005/08/17 06:47:48 | 00,073,696 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd [On_Demand | Stopped])

[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

[2007/01/11 23:36:20 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2006/10/24 07:40:22 | 00,026,384 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])

[2006/10/24 07:40:22 | 00,185,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

[2006/11/02 03:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])

[2006/11/02 03:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])

[2006/11/02 04:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])

[2007/07/11 16:56:53 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])

[2007/07/11 16:56:54 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])

[2006/11/02 04:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])

[2006/11/02 04:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])

[2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

[2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

[2006/11/02 03:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])

[2006/11/02 03:55:22 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys -- (UMPass [On_Demand | Stopped])

[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])

[2006/11/02 03:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])

[2006/11/02 03:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])

[2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

[2006/11/02 04:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])

[2006/11/02 04:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])

[2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])

[2006/11/02 04:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])

[2007/12/05 23:13:53 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])

[2008/05/08 04:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

[2006/11/02 03:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])

[2007/06/01 17:36:26 | 00,870,400 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WPN111v.sys -- (WPN111 [On_Demand | Running])

[2006/11/02 03:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

[2007/10/18 06:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}" (HKLM) -- C:\Program Files\PSP_Blender\tbPSP_.dll (Conduit Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://www.yahoo.com/

"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\Windows\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} (HKLM) -- c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)

{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

{d7df6ae0-d36c-4397-94ec-9f653bd4eda4} (HKLM) -- C:\Program Files\PSP_Blender\tbPSP_.dll (Conduit Ltd.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{90222687-F593-4738-B738-FBEE9C7B26DF}" (HKLM) -- c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BFB5F154-9212-46F3-B547-AC6106030A54}" (HKLM) -- C:\Program Files\Search Enhancer Toolbar\NCL.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}" (HKLM) -- C:\Program Files\PSP_Blender\tbPSP_.dll (Conduit Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

"{BFB5F154-9212-46F3-B547-AC6106030A54}" (HKLM) -- C:\Program Files\Search Enhancer Toolbar\NCL.dll File not found

"{D7DF6AE0-D36C-4397-94EC-9F653BD4EDA4}" (HKLM) -- C:\Program Files\PSP_Blender\tbPSP_.dll (Conduit Ltd.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" (Adobe Systems Incorporated)

"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

"iRiver Updater"=\Updater.exe File not found

"KBD"=C:\HP\KBD\KbdStub.EXE ()

"MSConfig"="C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)

"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"ConsentPromptBehaviorAdmin"=2

"ConsentPromptBehaviorUser"=1

"EnableInstallerDetection"=1

"EnableLUA"=1

"EnableSecureUIAPaths"=1

"EnableVirtualization"=1

"PromptOnSecureDesktop"=1

"ValidateAdminCodeSignatures"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"scforceoption"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=0

"DisableRegistryTools"=0

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

"HideStartupScripts"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=1

"CF_BITMAP"=2

"CF_OEMTEXT"=7

"CF_DIB"=8

"CF_PALETTE"=9

"CF_UNICODETEXT"=13

"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"HideStartupScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{32DCA009-134A-4293-8FB3-CA619C6D4E13} (Servers: | Description: NVIDIA nForce Networking Controller)

{F07E1D72-6FAC-4839-8B9C-8D938C6BD82F} (Servers: | Description: NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders"=credssp.dll, msansspc.dll

>[2006/11/02 04:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

>File not found --

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,

>[2006/11/02 04:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]

[2007/01/11 23:11:06 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/02/04 18:28:03 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\KAGE\Desktop\OTViewIt.exe

[2009/01/25 11:06:56 | 00,000,000 | ---D | C] -- C:\Users\KAGE\AppData\Local\Adobe

[2009/01/23 00:00:36 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll

[2009/01/23 00:00:36 | 00,047,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe

[2009/01/22 23:47:07 | 00,081,920 | ---- | C] () -- C:\Windows\SPInstall.etl

[2009/01/22 23:42:58 | 45,561,1504 | ---- | C] (Microsoft Corporation) -- C:\Users\KAGE\Desktop\Windows6.0-KB936330-X86-wave0.exe

[2009/01/21 18:27:40 | 00,000,206 | ---- | C] () -- C:\Users\KAGE\Desktop\Help and Support.url

@Alternate Data Stream - 3638 bytes -> C:\Users\KAGE\Desktop\Help and Support.url:favicon

[2009/01/19 06:56:26 | 02,905,533 | -H-- | C] () -- C:\Users\KAGE\AppData\Local\IconCache.db

[2009/01/19 06:48:05 | 22,718,496 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat

[2009/01/19 06:48:05 | 00,268,352 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx

[2009/01/18 23:14:46 | 00,000,000 | ---D | C] -- C:\ProgramData\is-SJ6MO

[2009/01/18 23:08:52 | 32,442,600 | ---- | C] ( ) -- C:\Users\KAGE\Desktop\setup_7.0.0.290_19.01.2009_04-49.exe

[2009/01/18 18:51:02 | 00,000,000 | ---D | C] -- C:\Users\KAGE\AppData\Local\Apple

[2009/01/14 18:21:59 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2009/01/07 18:32:00 | 00,000,000 | ---D | C] -- C:\Users\KAGE\AppData\Local\Conduit

[2009/01/07 18:31:59 | 00,000,000 | ---D | C] -- C:\Users\KAGE\AppData\Local\PSP_Blender

========== Files - Modified Within 30 Days ==========

[2009/02/04 18:28:13 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/02/04 18:28:13 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/02/04 18:28:04 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\KAGE\Desktop\OTViewIt.exe

[2009/02/04 18:00:05 | 00,000,406 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for KAGE.job

[2009/02/04 13:28:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/02/04 13:28:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/02/03 23:29:06 | 02,905,533 | -H-- | M] () -- C:\Users\KAGE\AppData\Local\IconCache.db

[2009/01/24 13:33:41 | 00,081,920 | ---- | M] () -- C:\Windows\SPInstall.etl

[2009/01/22 23:47:07 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll

[2009/01/22 23:47:07 | 00,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe

[2009/01/22 23:42:57 | 45,561,1504 | ---- | M] (Microsoft Corporation) -- C:\Users\KAGE\Desktop\Windows6.0-KB936330-X86-wave0.exe

[2009/01/21 18:27:40 | 00,000,206 | ---- | M] () -- C:\Users\KAGE\Desktop\Help and Support.url

@Alternate Data Stream - 3638 bytes -> C:\Users\KAGE\Desktop\Help and Support.url:favicon

[2009/01/20 15:45:22 | 22,718,496 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat

[2009/01/20 15:45:22 | 00,268,352 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx

[2009/01/18 23:10:04 | 32,442,600 | ---- | M] ( ) -- C:\Users\KAGE\Desktop\setup_7.0.0.290_19.01.2009_04-49.exe

[2009/01/18 15:26:18 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/01/18 15:26:18 | 00,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/01/18 15:26:18 | 00,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

< End of report >

And the Extras

OTViewIt Extras logfile created on: 2/4/2009 6:29:48 PM - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\KAGE\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16764)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.94 Mb Total Physical Memory | 316.54 Mb Available Physical Memory | 35.41% Memory free

1.99 Gb Paging File | 1.24 Gb Available in Paging File | 61.92% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 226.62 Gb Total Space | 148.94 Gb Free Space | 65.72% Space Free | Partition Type: NTFS

Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.09% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KAGE-PC

Current User Name: KAGE

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval"=1

"FirewallDisableNotify"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride"=0

"AntiSpywareOverride"=0

"FirewallOverride"=0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"DisableNotifications"=0

"EnableFirewall"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2006/08/30 07:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols

ldap -- 4 = Restricted sites (Not a Default Protocol)

news -- 4 = Restricted sites (Not a Default Protocol)

nntp -- 4 = Restricted sites (Not a Default Protocol)

oecmd -- 4 = Restricted sites (Not a Default Protocol)

snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001/06/20 04:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0373779B-A362-4B2E-B8E9-7442F19F9394}"=HP Total Care Advisor

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam

"{072D2077-9E22-4F7F-B817-A92CA6CCC843}"=iriver Music Manager

"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}"=Roxio Creator EasyArchive

"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime

"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate

"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{25569723-DC5A-4467-A639-79535BF01B71}"=Adobe Help Center 2.1

"{26FB63F9-AD23-40E4-9B75-0E768AC04262}"=SAMSUNG Mobile USB DRIVER(4.40.1.0) v1.0

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine

"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1

"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}"=Norton Internet Security

"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}"=ccCommon

"{3FADAA19-E595-44CA-A072-58B6B0851768}"=Norton Security Scan

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}"=HP Easy Setup - Frontend

"{48185814-A224-447A-81DA-71BD20580E1B}"=Norton Internet Security

"{4843B611-8FCB-4428-8C23-31D0A5EAE164}"=Norton Confidential Browser Component

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}"=HP Picasso Media Center Add-In

"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}"=NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3

"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}"=Python 2.4.3

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit

"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX

"{81D2FECF-FB01-4120-828B-DB3213440356}"=EverQuest II: The Shadow Odyssey

"{830D8CBD-C668-49e2-A969-C2C2106332E0}"=Norton AntiVirus

"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio

"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update

"{93A1B09E-BAFA-4628-A5B6-921CB026955A}"=Corel Paint Shop Pro Photo XI

"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}"=Norton Protection Center

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}"=HP Customer Feedback

"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 4.3

"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}"=Adobe Photoshop Elements 5.0

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}"=HP Customer Experience Enhancements

"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8

"{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}"=EverQuest II

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist

"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}"=muvee autoProducer 5.0

"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}"=OcxSetup

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator Basic v9

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00

"{CFF08881-43E4-4082-91C4-0E17F82E849D}"=ArcSoft MediaConverter 2

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}"=Norton Confidential Web Protection Component

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F4DB525F-A986-4249-B98B-42A8066251CA}"=AV

"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}"=HP Easy Setup - Core

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Photoshop Elements 5"=Adobe Photoshop Elements 5.0

"Adobe Shockwave Player"=Adobe Shockwave Player

"AIM_6"=AIM 6

"BitLord"=BitLord 1.1

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1"=Soft Data Fax Modem with SmartCP

"EQ2MAP Updater"=EQ2MAP Updater 1.0.16

"HijackThis"=HijackThis 2.0.2

"HPOOVClient-6811507 Uninstaller"=HP Connections (remove only)

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00

"LimeWire"=LimeWire PRO 4.8.0

"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Midi2Wav Recorder DEMO"=Midi2Wav Recorder DEMO 4.0

"MLUpdater"=iRiver Updater

"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}"=Norton Security Scan (Symantec Corporation)

"NVIDIA Drivers"=NVIDIA Drivers

"OpenMG HotFix4.7-07-13-22-01"=OpenMG Limited Patch 4.7-07-14-05-01

"PC-Doctor 5 for Windows"=Hardware Diagnostic Tools

"PolderbitSRecorder"=PolderbitS Sound Recorder and Editor

"PSP_Blender Toolbar"=PSP_Blender Toolbar

"RealPlayer 6.0"=RealPlayer

"ShockwaveFlash"=Adobe Flash Player 9 ActiveX

"SprintMusicManagerA"=Sprint music manager

"Station Launcher"=Station Launcher

"Steam App 10"=Counter-Strike

"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security (Symantec Corporation)

"TBSB02751.TBSB02751Toolbar"=Search Enhancer Toolbar

"ViewpointMediaPlayer"=Viewpoint Media Player

"Warcraft III"=Warcraft III

"WildTangent hpdesktop Master Uninstall"=My HP Games

"WinRAR archiver"=WinRAR archiver

"Yahoo! Companion"=Yahoo! Toolbar for Internet Explorer

"Yahoo! Toolbar"=Yahoo! Toolbar

"YASA MP4 Video Converter v3.2 (build 0051)"=YASA MP4 Video Converter v3.2 (build 0051)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Steam App 10"=Counter-Strike

"uTorrent"=µTorrent

"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/21/2009 8:12:37 PM | Computer Name = KAGE-PC | Source = VSS | ID = 12293

Description =

Error - 1/21/2009 8:12:37 PM | Computer Name = KAGE-PC | Source = VSS | ID = 8194

Description =

Error - 1/23/2009 12:19:45 AM | Computer Name = KAGE-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16764, time stamp

0x48f6a2ed, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000005, fault offset 0xffffffff, process id 0xf6c, application start time

0x01c97d106b59960a.

Error - 1/24/2009 11:23:47 PM | Computer Name = KAGE-PC | Source = Application Hang | ID = 1002

Description = The program EverQuest2.exe version 1.0.0.1 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: e74 Start Time: 01c97e8120285701 Termination Time: 4571

Error - 1/25/2009 11:50:42 AM | Computer Name = KAGE-PC | Source = Application Error | ID = 1000

Description = Faulting application KB12.exe, version 5.0.2169.1, time stamp 0x3ff6ff68,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x7ffd4000, process id 0xb3c, application start time 0x01c97f04ad91f97a.

Error - 1/26/2009 12:31:23 AM | Computer Name = KAGE-PC | Source = Application Error | ID = 1000

Description = Faulting application KB73.exe, version 5.0.2169.1, time stamp 0x3ff6ff68,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x7ffd6000, process id 0x1e38, application start time 0x01c97f6ef06d661d.

Error - 1/26/2009 12:34:32 AM | Computer Name = KAGE-PC | Source = Application Error | ID = 1000

Description = Faulting application realplay.exe, version 11.0.0.431, time stamp

0x4775c0a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,

exception code 0xc0000005, fault offset 0x00022a24, process id 0x185c, application

start time 0x01c97f6f60cfb16d.

Error - 1/26/2009 12:34:51 AM | Computer Name = KAGE-PC | Source = Application Error | ID = 1000

Description = Faulting application realplay.exe, version 11.0.0.431, time stamp

0x4775c0a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,

exception code 0xc0000005, fault offset 0x00022a24, process id 0x1ac4, application

start time 0x01c97f6f6d58ebed.

Error - 1/29/2009 12:34:42 AM | Computer Name = KAGE-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16764, time stamp

0x48f6a2ed, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000005, fault offset 0xffffffff, process id 0x1d4, application start time

0x01c981c58ef4d97f.

Error - 1/30/2009 6:13:49 PM | Computer Name = KAGE-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 7.0.6000.16764 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 6bc Start Time: 01c9831f9f17ea3a Termination Time: 125

[ Media Center Events ]

Error - 12/20/2007 10:13:41 AM | Computer Name = KAGE-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/22/2007 11:10:35 AM | Computer Name = KAGE-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2008 7:45:23 PM | Computer Name = KAGE-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/31/2008 12:43:19 PM | Computer Name = KAGE-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 4:13:23 PM | Computer Name = KAGE-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]

Error - 2/2/2009 12:44:47 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

2, function 0. Please contact your system vendor for technical assistance.

Error - 2/2/2009 12:44:47 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

4, function 0. Please contact your system vendor for technical assistance.

Error - 2/3/2009 4:58:59 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

2, function 0. Please contact your system vendor for technical assistance.

Error - 2/3/2009 4:58:59 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

4, function 0. Please contact your system vendor for technical assistance.

Error - 2/3/2009 5:01:00 PM | Computer Name = KAGE-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/3/2009 11:16:16 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

2, function 0. Please contact your system vendor for technical assistance.

Error - 2/3/2009 11:16:16 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

4, function 0. Please contact your system vendor for technical assistance.

Error - 2/3/2009 11:16:45 PM | Computer Name = KAGE-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.101 for the Network Card with network

address 001F33E17AD1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 2/4/2009 2:27:51 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

2, function 0. Please contact your system vendor for technical assistance.

Error - 2/4/2009 2:27:51 PM | Computer Name = KAGE-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

4, function 0. Please contact your system vendor for technical assistance.

< End of report >

Link to post
Share on other sites

Hey again,

Step 1

I see you have LimeWire PRO installed on your system.

While the program itself is legal, most of the files downloaded with it are not.

Also, quite often the files can be infected with viruses, malware, and other undesirable applications.

I highly recommend uninstalling LimeWire PRO via Add or Remove Programs, but this program is optional for you if you choose to want to keep it.

Step 2

Please download JavaRa to your Desktop and unzip it to its own folder.

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 3

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 4

Please do an online scan with Kaspersky WebScanner

I highly recommend using Internet Explorer for best results!

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • Once they are downloaded, the database will be updated.
    Please accept any ActiveX or Java notifications
  • After the files have been updated, go to the left side of the page under the Scan section and select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...