Multiple error messages from system check (delayed write fail/critical error)

Solved
By kisaki
Mar 17, 2012
  1. Hello all,

    I tried posting a little earlier, but I think it logged me out and when I checked "my posts" it said it didn't go, so apologies in advance if this appears twice. I'll be the first to admit that I'm not tech savvy, but here goes.

    Like others, I'm getting multiple pop ups that show "Files Indexation process failed/Delayed write failed/critical error to do with free hard drive space/Hard drive clusters are partly damaged/Segment load failures/RAM memory reliability is extremely low" pop up messages, and I do have ESET NOD antivirus 5 on the system. It's showing 12 infiltrations at this point.
    Some of my more "generic" icons have disappeared from the desktop (eg, my documents, my computer, the recycle bin), and on the windows startup menu, all selections are gone from the right side, and instead of being logged in as me, it's now "standard user".

    I'll post the logs as soon as they're done running.
  2. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    Malware Log

    Malwarebytes' Anti-Malware 1.43
    Database version: 3458
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19190

    3/18/2012 11:04:42 AM
    mbam-log-2012-03-18 (11-04-42).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 306541
    Time elapsed: 2 hour(s), 8 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Delete on reboot.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Standard\AppData\Local\Temp\0.3871342887888669.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  3. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-18 13:25:02
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBCO
    Running: 5zc5u6o8.exe; Driver: C:\Users\Kisaki\AppData\Local\Temp\agliqkow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0x8F5507F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0x8F5508B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0x8F550870]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0x8F550830]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 221 822EC9A4 4 Bytes [F0, 07, 55, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 37D 822ECB00 4 Bytes [B0, 08, 55, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 5DD 822ECD60 4 Bytes [70, 08, 55, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 619 822ECD9C 4 Bytes [30, 08, 55, 8F]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7654A8C5 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe[4024] ntdll.dll!DbgBreakPoint 7767878E 1 Byte [90]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

    ---- EOF - GMER 1.0.15 ----
  4. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_18
    Run by Kisaki at 13:27:38 on 2012-03-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1303 [GMT 9:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
    mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-JB6QU.exe" /REG /REGSVRMODE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{AB31D837-0957-4C15-BFD6-41483FD56E7D} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-12-29 84832]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-10 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-19 753504]
    .
    =============== Created Last 30 ================
    .
    2012-03-16 17:17:58 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d01b58fa-3427-4d5a-bbd1-a87b81966740}\mpengine.dll
    2012-03-14 05:51:06 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 05:51:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 05:51:03 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 05:51:03 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 05:51:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 05:51:03 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 05:51:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-03-14 05:50:48 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 05:50:48 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-09 08:08:53 680448 ----a-w- c:\windows\system32\msvcrt.dll
    .
    ==================== Find3M ====================
    .
    2012-02-23 00:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 13:28:04.35 ===============
  5. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    DDS Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/10/2008 4:02:06 PM
    System Uptime: 3/18/2012 11:09:31 AM (2 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1667/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 37.195 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 5.195 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
    Description: pcouffin device ...
    Device ID: ROOT\PCOUFFIN\0000
    Manufacturer:
    Name: pcouffin device ...
    PNP Device ID: ROOT\PCOUFFIN\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1031: 3/9/2012 5:04:12 PM - Windows Update
    RP1032: 3/9/2012 7:13:53 PM - Windows Update
    RP1033: 3/11/2012 12:00:02 AM - Scheduled Checkpoint
    RP1034: 3/12/2012 12:00:02 AM - Scheduled Checkpoint
    RP1035: 3/13/2012 12:00:02 AM - Scheduled Checkpoint
    RP1036: 3/13/2012 5:45:51 PM - Windows Update
    RP1037: 3/15/2012 3:00:28 AM - Windows Update
    RP1038: 3/16/2012 12:00:01 AM - Scheduled Checkpoint
    RP1039: 3/17/2012 12:00:01 AM - Scheduled Checkpoint
    RP1040: 3/17/2012 2:17:16 AM - Windows Update
    RP1041: 3/18/2012 12:00:01 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.7
    Agere Systems HDA Modem
    AnswerWorks 5.0 English Runtime
    Apple Mobile Device Support
    Apple Software Update
    BigFix
    Browser Address Error Redirector
    Camera Assistant Software for Gateway
    Combined Community Codec Pack 2011-07-30
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 2.2.3.258
    CyberLink Power2Go
    DirectVobSub 2.40.3644 x86
    eFax Messenger
    ESET NOD32 Antivirus
    Gateway Games
    Gateway Recovery Center Installer
    Google Chrome
    Google Desktop
    Google Gears
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IDT Audio
    IKEA Home Planner
    ImgBurn
    InstallRoot 3.13
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 5
    LabelPrint
    Magic DVD Ripper V5.4.2
    Malwarebytes' Anti-Malware
    Media Player Classic - Home Cinema v1.5.2.3456
    Mega Manager
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox (3.6.4)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Napster Burn Engine
    Orbit Downloader
    Pinnacle VideoSpin
    Plato DVD Ripper Professional 6.66.14
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek USB 2.0 Card Reader
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Skype™ 5.5
    SpywareBlaster 4.2
    StarCraft II
    Synaptics Pointing Device Driver
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wmdiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wmdiper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wmdiper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wmdiper
    TurboTax 2011 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WD Diagnostics
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== End Of File ===========================


    Thanks much for your assistance! =)
  6. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    oops - I just realized that when I'd clicked on the update for the Malwarebytes, apparently it didn't take I'm I'm running an older version. I tried to update to the current version, and I'm getting another pop-up which says :

    Internal error : Failed to expand shell folder constant "userappdata.

    I tried downloading the update twice, but get the same error message.
  7. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  8. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    aswMBR Log

    Hi there Broni,
    Thanks for your help (sorry about the delay in response, I just got off work, so here's the response from the first log)

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-19 05:43:16
    -----------------------------
    05:43:16.654 OS Version: Windows 6.0.6002 Service Pack 2
    05:43:16.655 Number of processors: 2 586 0xF0D
    05:43:16.656 ComputerName: KISAKI-LAPTOP UserName: Kisaki
    05:43:21.909 Initialize success
    05:45:03.024 AVAST engine defs: 12031700
    05:45:44.952 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
    05:46:27.259 The log file has been saved successfully to "C:\Users\Kisaki\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-19 05:43:16
    -----------------------------
    05:43:16.654 OS Version: Windows 6.0.6002 Service Pack 2
    05:43:16.655 Number of processors: 2 586 0xF0D
    05:43:16.656 ComputerName: KISAKI-LAPTOP UserName: Kisaki
    05:43:21.909 Initialize success
    05:45:03.024 AVAST engine defs: 12031700
    05:45:44.952 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
    05:46:27.259 The log file has been saved successfully to "C:\Users\Kisaki\Desktop\aswMBR.txt"
    05:47:16.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    05:47:16.890 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
    05:47:17.500 Disk 0 MBR read successfully
    05:47:17.523 Disk 0 MBR scan
    05:47:17.530 Disk 0 Windows VISTA default MBR code
    05:47:17.773 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 12213 MB offset 63
    05:47:17.919 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140411 MB offset 25013205
    05:47:18.506 Disk 0 scanning sectors +312576705
    05:47:19.374 Disk 0 scanning C:\Windows\system32\drivers
    05:50:34.182 Service scanning
    05:51:11.222 Modules scanning
    05:54:10.144 Disk 0 trace - called modules:
    05:54:10.177 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    05:54:10.184 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863cc368]
    05:54:10.190 3 CLASSPNP.SYS[8a9a08b3] -> nt!IofCallDriver -> [0x84b70b18]
    05:54:10.196 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b81030]
    05:54:11.320 AVAST engine scan C:\Windows
    05:56:18.541 AVAST engine scan C:\Windows\system32
    06:25:52.735 AVAST engine scan C:\Windows\system32\drivers
    06:29:38.290 AVAST engine scan C:\Users\Kisaki
    06:35:47.940 AVAST engine scan C:\ProgramData
    07:34:44.520 Scan finished successfully
    18:20:21.440 Disk 0 MBR has been saved successfully to "C:\Users\Kisaki\Desktop\MBR.dat"
    18:20:21.450 The log file has been saved successfully to "C:\Users\Kisaki\Desktop\aswMBR.txt"
  9. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    Bootkit Log

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`fb57aa00
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  10. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    System update information

    Oh yes, I forgot to mention in my previous post, the "computer" option has now appeared on the start taskbar, but it's still not showing my usual icon for the "Standard user", and I noticed on the first aswMBR log, it ended up downloading the log to another user desktop (kisaki) vice the account I'm on now (standard).

    I wasn't sure if that was normal, or if I needed to report it per se, but since it wasn't something I've been used to seeing, I figured I should let you know just in case, and you did mention notifying you of changes to behavior on my computer!

    Thanks again for your help!
  11. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  12. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    ComboFix Log

    Hello again Broni -
    Well, that looked like it did something - It would appear that the right side of the windows start up menu has returned! It did change my user account to the "administrator" one vice the "standard" user one I was in before I ran the program, but I'm not sure if that makes any difference (ie, I logged in to the standard account, but when finished the report, it had me logged in as the admin).

    Here's the results of the log :
    ===========================


    ComboFix 12-03-18.04 - Kisaki 03/20/2012 18:41:06.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1234 [GMT 9:00]
    Running from: c:\users\Standard\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~oBzC0RjTEkMOyp
    c:\programdata\~oBzC0RjTEkMOypr
    c:\programdata\oBzC0RjTEkMOyp
    c:\users\Public\videos\mplayerc.exe
    c:\users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-20 09:48 . 2012-03-20 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-20 09:48 . 2012-03-20 09:49 -------- d-----w- c:\users\Kisaki\AppData\Local\temp
    2012-03-20 09:48 . 2012-03-20 09:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-03-19 17:15 . 2012-03-19 17:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D01B58FA-3427-4D5A-BBD1-A87B81966740}\offreg.dll
    2012-03-16 17:17 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D01B58FA-3427-4D5A-BBD1-A87B81966740}\mpengine.dll
    2012-03-14 05:51 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 05:51 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 05:51 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 05:51 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 05:51 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 05:51 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 05:51 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-03-14 05:50 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 05:50 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-09 08:08 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 00:18 . 2009-10-03 03:52 237072 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-22 19:26 . 2009-11-13 18:30 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-22 30192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
    "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
    "InnoSetupRegFile.0000000001"="c:\windows\is-JB6QU.exe" [2011-09-10 1201368]
    .
    c:\users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-6-10 2342912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - AGLIQKOW
    *NewlyCreated* - ASWMBR
    *Deregistered* - agliqkow
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 07:06]
    .
    2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 07:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Kisaki\AppData\Roaming\Mozilla\Firefox\Profiles\hoggeevb.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-20 18:49
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-20 18:51:11
    ComboFix-quarantined-files.txt 2012-03-20 09:51
    ComboFix2.txt 2010-03-05 22:52
    .
    Pre-Run: 40,891,174,912 bytes free
    Post-Run: 41,531,920,384 bytes free
    .
    - - End Of File - - 1E5B6CEC1E3794A0149E4753A5FBB088
  13. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    oops, maybe I spoke to soon. I had to restart to get the ESET to come back as active, and the "standard" user still doesn't have the right side of the windows start bar.
     
  14. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    See my manual here: http://www.smartestcomputing.us.com/topic/49859-missing-items-from-main-start-menu-window-fix/

    Combofix log looks good.

    Any other current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    Ohh, I feel silly now! Thanks for the link to getting the taskbar fixed! It's looking more "normal" now! =)

    System is still showing everything as empty folders (eg, I get the "This Folder is Empty" message on the screen so it looks like there's nothing in the "Documents", "Pictures", etc etc etc) but maybe those are still hidden - it seems like every time I've run a program, some other icon shows up!

    I'll run OTL and post the results as soon as it's done.

    Thanks again!
  16. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    OTL Text File

    OTL logfile created on: 3/21/2012 5:11:55 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Standard\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19190)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.05% Memory free
    6.18 Gb Paging File | 4.76 Gb Available in Paging File | 77.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.12 Gb Total Space | 37.79 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
    Drive D: | 11.93 Gb Total Space | 5.20 Gb Free Space | 43.56% Space Free | Partition Type: NTFS

    Computer Name: KISAKI-LAPTOP | User Name: Kisaki | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/21 17:00:47 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
    PRC - [2012/02/02 05:40:18 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2010/11/03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/06/14 21:16:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/08 05:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/09/28 08:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    PRC - [2007/09/14 06:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    PRC - [2007/09/07 11:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
    PRC - [2007/08/17 09:17:56 | 002,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
    PRC - [2007/07/13 08:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/13 08:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/20 12:02:05 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/07/30 21:57:34 | 003,572,224 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
    MOD - [2010/11/03 10:58:18 | 000,019,968 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwinit.dll
    MOD - [2010/11/03 10:58:14 | 000,015,360 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwssl.dll
    MOD - [2010/11/03 10:58:12 | 000,061,440 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwapp.dll
    MOD - [2010/11/03 10:58:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwhttp.dll
    MOD - [2010/11/03 10:58:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwftp.dll
    MOD - [2010/11/03 10:57:58 | 000,033,280 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwmime.dll
    MOD - [2010/11/03 10:57:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwdir.dll
    MOD - [2010/11/03 10:57:54 | 000,055,296 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwhtml.dll
    MOD - [2010/11/03 10:57:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwstream.dll
    MOD - [2010/11/03 10:57:50 | 000,024,064 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwfile.dll
    MOD - [2010/11/03 10:57:48 | 000,027,648 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwcache.dll
    MOD - [2010/11/03 10:57:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwtrans.dll
    MOD - [2010/11/03 10:57:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwcore.dll
    MOD - [2010/11/03 10:57:30 | 000,038,400 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwutils.dll
    MOD - [2010/06/14 21:16:36 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
    MOD - [2010/02/23 06:04:00 | 001,589,248 | ---- | M] () -- C:\Program Files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    MOD - [2009/12/01 16:46:20 | 000,839,680 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\libeay32.dll
    MOD - [2009/12/01 16:46:20 | 000,159,744 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\ssleay32.dll
    MOD - [2009/12/01 16:46:20 | 000,062,464 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\hs_regex.dll
    MOD - [2007/09/28 08:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/06 07:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/07/13 08:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kisaki\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/05/19 19:34:31 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/21 11:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/09/07 11:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/05/24 09:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/05/03 00:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2007/05/03 00:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2007/05/03 00:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2007/04/30 07:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2006/11/02 16:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2002/07/18 05:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\SearchScopes,DefaultScope = {B80EE549-26B8-4AC2-A076-4C02DCAC4A35}
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GWYE_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=GDY9YzUvqDPbiL-_ojLcTolf4Os?q={searchTerms}
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\SearchScopes\{81E28843-E562-4A45-8C32-73CF94499D3B}: "URL" = http://search.avg.com/route/?d=4ce7402e&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\SearchScopes\{B80EE549-26B8-4AC2-A076-4C02DCAC4A35}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE_en
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\SearchScopes,DefaultScope = {FB77A334-C613-43D6-842A-D3B78C34071F}
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\SearchScopes\{31FA1694-F592-4339-B548-94AED3D49B73}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=aa
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GWYE_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=P9rs7kuxicJ0dcPKkcH0am1iQ14?q={searchTerms}
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\SearchScopes\{FB77A334-C613-43D6-842A-D3B78C34071F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE_en
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/03/05 16:07:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/23 16:59:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/07 18:18:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/02/02 05:25:06 | 000,000,000 | ---D | M]

    [2008/11/28 23:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kisaki\AppData\Roaming\Mozilla\Extensions
    [2012/03/20 18:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kisaki\AppData\Roaming\Mozilla\Firefox\Profiles\hoggeevb.default\extensions
    [2010/03/02 22:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kisaki\AppData\Roaming\Mozilla\Firefox\Profiles\hoggeevb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/03/20 18:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/05 16:07:23 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX

    O1 HOSTS File: ([2012/03/20 18:48:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001..\Run: [fvmJCJEUlfbO.exe] C:\ProgramData\fvmJCJEUlfbO.exe File not found
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001..\Run: [TOY5KNQ8OC] C:\Users\Standard\AppData\Local\Temp\Am4.exe File not found
    O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-JB6QU.exe ()
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB31D837-0957-4C15-BFD6-41483FD56E7D}: DhcpNameServer = 192.168.0.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/20 18:51:15 | 000,000,000 | -HSD | C] -- C:\Users\Kisaki\%APPDATA%
    [2012/03/20 18:51:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/20 18:51:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/20 18:51:13 | 000,000,000 | ---D | C] -- C:\Users\Kisaki\AppData\Local\temp
    [2012/03/20 18:39:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/20 18:39:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/20 18:39:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/20 18:38:55 | 000,000,000 | ---D | C] -- C:\Qoobox

    ========== Files - Modified Within 30 Days ==========

    [2012/03/21 16:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/21 16:40:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 16:40:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 05:45:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 04:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/20 19:02:57 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/20 18:48:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/19 18:20:21 | 000,000,512 | ---- | M] () -- C:\Users\Kisaki\Desktop\MBR.dat
    [2012/03/15 03:23:11 | 000,321,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/13 06:46:03 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/03/10 15:06:26 | 007,939,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/10 15:06:26 | 002,736,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2012/03/20 18:39:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/20 18:39:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/20 18:39:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/20 18:39:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/20 18:39:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/19 18:20:21 | 000,000,512 | ---- | C] () -- C:\Users\Kisaki\Desktop\MBR.dat
    [2012/01/28 15:14:26 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/10/16 06:36:29 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011/09/10 14:47:46 | 001,201,368 | ---- | C] () -- C:\Windows\is-JB6QU.exe

    ========== LOP Check ==========

    [2009/10/29 22:56:52 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\GrabPro
    [2009/07/16 03:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\ImgBurn
    [2009/11/27 03:37:27 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\Orbit
    [2009/04/21 04:04:08 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\SampleView
    [2009/05/19 19:11:51 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\Samsung
    [2010/10/06 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\uTorrent
    [2009/07/16 03:59:18 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\Vso
    [2008/10/20 07:44:15 | 000,000,000 | ---D | M] -- C:\Users\Kisaki\AppData\Roaming\WildTangent
    [2010/11/20 13:06:35 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\AVG10
    [2010/03/01 04:09:45 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\GrabPro
    [2011/01/30 10:11:36 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\Megaupload
    [2009/11/03 08:03:34 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\Orbit
    [2012/01/22 18:50:49 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\QuickScan
    [2009/07/25 10:31:53 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\SampleView
    [2009/05/19 19:22:29 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\Samsung
    [2010/01/26 02:58:01 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\Template
    [2010/12/28 02:49:57 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\uTorrent
    [2008/12/02 04:20:58 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\WildTangent
    [2012/03/20 19:01:59 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 06:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 15:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/05 14:22:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/05/19 19:39:41 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2012/03/20 18:51:11 | 000,009,891 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 06:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/03/20 19:02:57 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
    [2008/06/10 16:22:08 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
    [2012/03/20 19:02:55 | 3524,980,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/10 16:27:51 | 000,000,163 | ---- | M] () -- C:\power2go.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 21:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 21:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 21:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/03 07:56:50 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 06:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 21:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 11:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >
    Invalid Environment Variable: APPDATA

    < %ALLUSERSPROFILE%\Favorites\*.* >
    Invalid Environment Variable: APPDATA

    < %PROGRAMFILES%\*.* >
    [2008/01/21 11:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    Invalid Environment Variable: APPDATA

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 12:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 12:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 12:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 19:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 19:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    Invalid Environment Variable: APPDATA

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/21 05:45:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 16:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/20 19:03:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/20 19:01:59 | 000,032,606 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    Invalid Environment Variable: APPDATA

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/10/20 05:24:21 | 000,000,402 | -HS- | M] () -- C:\Users\Kisaki\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/08/14 06:56:11 | 000,000,000 | -H-- | M] () -- C:\ProgramData\LauncherAccess.dt
    [2012/01/31 17:43:13 | 000,000,451 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2010/03/11 17:21:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >
    Invalid Environment Variable: AppData

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
  17. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    OTL Extras File

    OTL Extras logfile created on: 3/21/2012 5:11:55 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Standard\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19190)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.05% Memory free
    6.18 Gb Paging File | 4.76 Gb Available in Paging File | 77.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.12 Gb Total Space | 37.79 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
    Drive D: | 11.93 Gb Total Space | 5.20 Gb Free Space | 43.56% Space Free | Partition Type: NTFS

    Computer Name: KISAKI-LAPTOP | User Name: Kisaki | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6244177A-422D-4BDA-A98A-C12ED2778850}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{79BDEE97-A869-4C6C-AF58-B7BF3FD916BE}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
    "{85FCBED8-56B6-44DF-B493-9172BFB5D7C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{BC3621B7-F82E-479B-98CD-FC22CBBA606C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{F7B0B470-37D8-49B9-9504-C40E54678801}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
    "{FFF2F9C1-4F67-41B7-A681-49ECF5965066}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F4BE54C-A5FD-4A08-BFE5-75602F50C9E7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{27CF138F-6541-4305-A1AC-E57AFD545CC9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{2E1F92F4-9AA5-48E1-8BBC-EB1CB9BDFB65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3759EC8D-E00C-4E8D-A7D8-81F61891F60C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{3F7DB7B8-6676-4B4F-A8FD-4D0D91A04DE5}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "{41270118-208F-415B-92E9-5CA38648AFFA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
    "{5C954720-DAC2-49AF-9A23-7FE096D98599}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "{738A1A2B-558B-46DD-8832-A1FB9E939E9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7C5C43A0-0BAB-4B93-A081-8CF1A40E3E5B}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{86E89421-D664-41D5-9DF5-375B0E6A8F7B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
    "{8A57E0D6-8B24-408C-B863-3C36C3259BDA}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
    "{8F58817B-FC55-480D-81B6-2E562395BF8C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{939A8469-4A1C-4411-A4D7-1AD602C40AE1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{955EF960-DEC3-4D5B-BDEC-90EDDCD6E359}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
    "{9A1FF9A7-5298-4E1E-967E-650372A71BC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9D9C2C32-EBF0-4770-A449-379EE1B9AAC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9FF1162D-51CF-4A30-AD36-1BC81AA435BA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
    "{A4F625DF-2C12-470B-A4B0-4F701BAC9A32}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{BDE0F70E-D6C0-451F-931B-19F1983C22D9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D7425BC2-285A-44A5-9A13-F8D9C7E90903}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
    "{E0BCE8B9-8C20-4F27-87D2-1E0B602272B2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E328C955-610B-4B97-B6AD-34871CD0AA26}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{F34E9DE1-F586-450F-9D60-743456279F96}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "TCP Query User{00DA8354-038B-4F5A-B5FE-D9D44069F08B}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{01C886F7-490B-4728-91EB-F18BB9E615B6}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
    "TCP Query User{03182851-375E-49BE-BC20-073290896568}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{0D9A603A-57E2-48E5-B00B-0F379B2A61AE}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
    "TCP Query User{1312E703-6680-4DB7-839A-CBDC88AA2126}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
    "TCP Query User{14576027-BEF4-4BA0-94B7-33EF20E38C7C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{2580C21E-7FD1-4B1F-A76D-67A2D6B37295}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
    "TCP Query User{2E69BCE2-E0C8-4C3E-AB62-38A86E2F0433}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{96DF889C-DB8A-43A5-8376-A84ACB84D0D2}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
    "TCP Query User{99FED435-6136-4A60-83C9-E413B69439DF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{A93ECD7E-7F32-44E4-9B9B-392ADE21447D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "TCP Query User{BADD8014-E3FA-45A5-9FC6-13C6F25D7E64}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{DB04E165-17C0-4C17-830C-0CC017FF4866}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{03B8EF7B-6618-4EE3-B473-6F133F1AF04C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "UDP Query User{15853BB0-01E5-4A4F-8C43-98FE4E61110C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{16AF7B95-6301-4D93-AC47-7BC77EBB8980}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{3DD730D7-C230-4192-9FCA-97C43E8F69C1}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
    "UDP Query User{64CBE662-9D47-4B25-827D-49899DFA72A4}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
    "UDP Query User{67DD28F9-9429-4CD4-A76E-E1DB6AAA6DE7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{A5F6754C-11E1-488B-B1BF-6B094D7AFB30}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{B1490DFD-57F1-46D3-8798-C94D634A9C70}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{BA503E2B-2287-408C-9455-DBDDCF12E5F6}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
    "UDP Query User{C83BCD2B-72C8-4243-A678-44A3F91F7C9E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{D4F2E733-B563-4083-805E-C4B6554163E1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{E9B5AC08-4CF5-41B9-908C-EC05FADB367C}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
    "UDP Query User{F30F7181-FBDB-4016-B902-02AC050ACFD5}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{113AC946-0CEB-49C7-828A-230FF9EB1DBB}" = TurboTax 2010 wmdiper
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
    "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A11948E-8521-43B8-BBBD-5C24B804F0A3}" = Samsung PC Studio 3
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{8537ABE9-DCE4-4149-A0B4-9926E449AD01}" = ESET NOD32 Antivirus
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A6F57B66-21BA-4065-9096-D6D6B5F395AB}" = InstallRoot 3.13
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
    "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6D442EC-14C6-4E5B-8378-305BAE7EDBBF}" = TurboTax 2011 wmdiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ImgBurn" = ImgBurn
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
    "Orbit_is1" = Orbit Downloader
    "Plato DVD Ripper Professional_is1" = Plato DVD Ripper Professional 6.66.14
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "StarCraft II" = StarCraft II
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "vsfilter_is1" = DirectVobSub 2.40.3644 x86
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Windows System Scanner" = Windows System Scanner

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/3/2012 7:38:36 AM | Computer Name = Kisaki-Laptop | Source = LoadPerf | ID = 3012
    Description =

    Error - 1/3/2012 7:38:36 AM | Computer Name = Kisaki-Laptop | Source = LoadPerf | ID = 3011
    Description =

    Error - 1/3/2012 7:38:37 AM | Computer Name = Kisaki-Laptop | Source = LoadPerf | ID = 3012
    Description =

    Error - 1/3/2012 7:38:37 AM | Computer Name = Kisaki-Laptop | Source = LoadPerf | ID = 3011
    Description =

    Error - 1/11/2012 4:56:28 AM | Computer Name = Kisaki-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/26/2012 2:19:47 PM | Computer Name = Kisaki-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/26/2012 4:22:26 PM | Computer Name = Kisaki-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 2/1/2012 4:21:10 AM | Computer Name = Kisaki-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 2/1/2012 4:21:10 AM | Computer Name = Kisaki-Laptop | Source = MsiInstaller | ID = 11606
    Description =

    Error - 2/2/2012 6:09:52 AM | Computer Name = Kisaki-Laptop | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 6/6/2010 6:00:07 PM | Computer Name = Kisaki-Laptop | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 11/1/2010 8:41:56 PM | Computer Name = Kisaki-Laptop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  18. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    I think the documents/pictures are still on my computer since I just did a quick search and it found one of them, and it says it's in the old folder/path name that I thought it was, but when I go back to the My pictures option, it still says that the folder is empty. Does that mean it's somehow showing up as "hidden" for me? I didn't want to try to make any changes to the folders (ie, unhide them in the properties section) without checking with you first!
  19. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
  20. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    Yup! That worked! =) I was a little worried because I did get an error message on the unhide where it said drive D didn't exist, and then I realized it was right - I don't have a drive D, but there was a USB cord plugged in (for the wireless headset, but the headphones aren't plugged in right now, but the cord is). I'm guessing that might triggered a "Fake" drive per se, but it's looking like everything is back document/picture wise.
  21. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Very good :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001..\Run: [fvmJCJEUlfbO.exe] C:\ProgramData\fvmJCJEUlfbO.exe File not found
      O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001..\Run: [TOY5KNQ8OC] C:\Users\Standard\AppData\Local\Temp\Am4.exe File not found
      O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-JB6QU.exe ()
      O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\..Trusted Domains: localhost ([]http in Local intranet)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
      O37 - HKU\S-1-5-21-710243377-3777013803-3809824090-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
      [2010/11/20 13:06:35 | 000,000,000 | -H-D | M] -- C:\Users\Standard\AppData\Roaming\AVG10
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  22. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    Here's the new OTL Log :

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fvmJCJEUlfbO.exe not found.
    Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 not found.
    File C:\Windows\is-JB6QU.exe not found.
    Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
    Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
    Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
    Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001_Classes\.exe\ not found.
    Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1001_Classes\exefile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Folder move failed. C:\Users\Standard\AppData\Roaming\AVG10\cfgall scheduled to be moved on reboot.
    Folder move failed. C:\Users\Standard\AppData\Roaming\AVG10 scheduled to be moved on reboot.
    Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kisaki
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Standard
    ->Temp folder emptied: 808956 bytes
    ->Temporary Internet Files folder emptied: 145074 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4963811 bytes
    ->Flash cache emptied: 207583 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17075104 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 22.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Kisaki
    ->Java cache emptied: 0 bytes

    User: Public

    User: Standard
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: Kisaki
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Standard
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.1 log created on 03242012_032126

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Standard\AppData\Roaming\AVG10\cfgall not found!
    Folder move failed. C:\Users\Standard\AppData\Roaming\AVG10 scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  23. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    I couldn't get the Update to Java to work - I keep getting the

    "Error 1606. Could not access network location %APPDATA%\."

    I tried hitting the retry button, but get the same message after a couple of minutes.
    The online help that pops up says I need to try the offline installer, but thought I"d check to make sure thats ok first.

    Thanks!
  24. Broni

    Broni Malware Annihilator Posts: 45,188   +242

  25. kisaki

    kisaki Newcomer, in training Topic Starter Posts: 26

    Ok, I've no longer got Java on the system (at least the Java site says it's gone, and it's not appearing in the list of removable programs), and but I'm still getting the same Error message when I try with the manual download. I'm also having issues with Firefox (I keep getting a blank white screen when I try to come to the forum and all it says in the bottom corner is Read ads.pubmatic.com, but it's not actually loading anything). I'll try another reboot and see if it lets me install the Java


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.