Internet access not allowed after TDSS rootkit removal

secretassasin69

My HP a6635 PC used to get a few BSODs (I could only boot it in safe mode). They stopped after a while, and then it started running very slowly; during this time I would be redirected whilst on the internet. I suspect it was an adware tracking cookie. I ran SUPERAntiSpyware many times but the cookies still remained.

After running Malwarebytes' it found some problems and cleaned them, and then when I ran a Kaspersky PURE full scan it found a TDSS rootkit on my system; using TDSSKiller it got removed.

Now the PC seems fine, but I cannot get on the internet. I've tried different browsers; my PC says it is connected to the internet and my router is fine, there aren't any IP conflicts or anything like that, and another clean PC can connect to the internet.

Please help. Right now I am following the 7 steps and will post the results in my next post.

NB. I am the administrator and have full access.

Thanks for any help
 
==================================================================
MALWARE BYTES' RESULTS
==================================================================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6710

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048

29/05/2011 10:54:49
mbam-log-2011-05-29 (10-54-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 413140
Time elapsed: 57 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ECDB26B0-CBF4-0EC8-05DB-CEFFCA0AF8FF} (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{ECDB26B0-CBF4-0EC8-05DB-CEFFCA0AF8FF} (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\MPK\MPK.exe,C:\Windows\system32\MPK\MPK.exe,C:\Windows\system32\MPK\MPK.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\egonusiecuxaxgi.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\1B9D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\8BCD.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\94C2.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\9C22.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\F336.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\44xfufbb.tmp\errorfix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\d69mdmq6.tmp\ccproxysetup.exe (PUP.CCProxy) -> Not selected for removal.
c:\Users\Raj\AppData\Local\Temp\Rar$EX00.850\kemulator\kemulator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\Rar$EX20.909\kemulator\kemulator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\LocalLow\Sun\Java\deployment\cache\6.0\56\94f2f78-6f04ecae (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Roaming\microsoft\jgexlt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\programdata\36626168.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Roaming\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
==================================================================
HELP Please? Anyone?
 
Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

You have a significant amount of malware on the system, but I do not have enough information yet. Perhaps I can save you from yourself by asking you to stop running random programs trying to fix the problem.

Please stay away from the FunWebSearch and similar sites. You do not get something for nothing! They are happy to put adware and spyware on the system.

If you are using any file sharing programs or sites, please do not use them while I am helping you. Again, free file sharing really isn't free!
 
DDS log

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Raj at 16:07:41 on 2011-05-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.1722 [GMT 1:00]
.
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\FsUsbExService.Exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Altaro\Oops!Backup\OopsBackup.Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Switcher\Switcher.exe
C:\Program Files\Altaro\Oops!Backup\OopsBackup.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Altaro\Oops!Backup\OopsBackup.Engine.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
K:\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
mWinlogon: Userinit=Userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Switcher] "c:\program files\switcher\Switcher.exe" /quiet
uRun: [Oops!Backup] c:\program files\altaro\oops!backup\OopsBackup.exe AUTOSTART
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NPSStartup]
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
TCP: {83F776CF-6AFD-44E8-A640-222AA9C9262F} = 156.154.70.22,156.154.71.22
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 20609872;20609872 Boot Guard Driver;c:\windows\system32\drivers\20609872.sys [2011-5-22 37392]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-5-29 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R1 20609871;20609871;c:\windows\system32\drivers\20609871.sys [2011-5-22 128016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 34744]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-5-29 39352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-6 218688]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-7 390528]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2008-9-23 61424]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-27 238952]
R2 OopsBackup.Service.exe;Oops!Backup Service;c:\program files\altaro\oops!backup\OopsBackup.Service.exe [2011-4-6 22016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2011-5-1 4096]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-27 36608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.2;c:\windows\system32\drivers\libusb0.sys [2006-5-30 29184]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-12-30 53168]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-15 552448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ca810av;CA810A WebCam Driver;c:\windows\system32\drivers\Ca810av.sys [2009-9-7 2329216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-19 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2007-3-27 92032]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-1-10 32512]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-5-28 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-5-28 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-5-28 123648]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-24 19968]
S4 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
.
=============== Created Last 30 ================
.
2011-05-30 15:05:31 -------- d-----w- c:\users\raj\appdata\roaming\.
2011-05-30 15:05:30 -------- d--h--w- C:\VritualRoot
2011-05-30 15:05:30 -------- d-----w- c:\users\raj\appdata\roaming\..
2011-05-30 15:05:30 -------- d-----w- c:\users\raj\appdata\local\..
2011-05-30 15:05:30 -------- d-----w- c:\users\raj\appdata\local\.
2011-05-30 15:05:30 -------- d-----w- c:\users\raj\..
2011-05-30 15:05:30 -------- d-----w- c:\users\raj\.
2011-05-30 15:05:30 -------- d-----w- C:\Users
2011-05-30 14:47:05 -------- d-----w- c:\users\raj\appdata\local\Adobe
2011-05-29 13:52:13 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-29 13:52:13 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-29 13:51:26 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-05-29 13:51:26 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-05-29 13:49:21 -------- d-----w- c:\program files\common files\InfoWatch
2011-05-29 13:49:16 -------- d-----w- c:\program files\Kaspersky Lab
2011-05-29 13:18:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-05-29 11:19:22 -------- d-----w- c:\users\raj\appdata\roaming\SUPERAntiSpyware.com
2011-05-29 11:04:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-29 08:54:26 -------- d-----w- c:\users\raj\appdata\roaming\Malwarebytes
2011-05-29 08:54:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:54:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 08:54:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 08:54:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:30:27 98432 ---ha-w- c:\windows\system32\drivers\ss_bbus.sys
2011-05-28 12:30:27 14848 ---ha-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-05-28 12:30:27 12416 ---ha-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-05-28 12:30:27 12416 ---ha-w- c:\windows\system32\drivers\ss_bcm.sys
2011-05-28 12:30:27 123648 ---ha-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-05-28 12:30:27 12288 ---ha-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-05-28 12:30:27 12288 ---ha-w- c:\windows\system32\drivers\ss_bwh.sys
2011-05-28 12:26:56 -------- d-----w- c:\program files\MarkAny
2011-05-28 12:03:24 -------- d-----w- c:\users\raj\appdata\local\Downloaded Installations
2011-05-28 06:37:38 -------- d-----w- c:\users\raj\appdata\roaming\CoreFTP
2011-05-28 06:37:06 -------- d-----w- c:\program files\CoreFTP
2011-05-28 06:31:12 -------- d-----w- c:\users\raj\appdata\local\Altaro
2011-05-28 06:31:01 -------- d-----w- c:\programdata\OopsBackup
2011-05-28 06:30:57 -------- d-----w- c:\program files\Altaro
2011-05-26 15:14:37 -------- d-----w- c:\programdata\Samsung
2011-05-26 06:09:54 -------- d-----w- c:\users\raj\appdata\local\Mango_Enterprise_-_http__
2011-05-22 15:27:19 -------- d-----w- c:\windows\system32\AGEIA
2011-05-22 15:27:08 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-05-22 07:17:53 37392 ---ha-w- c:\windows\system32\drivers\20609872.sys
2011-05-22 07:17:53 311312 ---ha-w- c:\windows\system32\drivers\2060987.sys
2011-05-22 07:17:53 128016 ---ha-w- c:\windows\system32\drivers\20609871.sys
2011-05-21 18:02:11 -------- d-----w- c:\program files\RegDefense
2011-05-21 16:35:00 -------- d-----w- c:\users\raj\appdata\roaming\ParetoLogic
2011-05-21 16:35:00 -------- d-----w- c:\users\raj\appdata\roaming\DriverCure
2011-05-21 16:34:56 -------- d-----w- c:\programdata\ParetoLogic
2011-05-21 16:34:56 -------- d-----w- c:\program files\ParetoLogic
2011-05-21 16:34:56 -------- d-----w- c:\program files\common files\ParetoLogic
2011-05-21 12:37:10 -------- d-----w- c:\program files\Hide My IP
2011-05-21 12:11:52 -------- d-----w- c:\users\raj\appdata\local\Media Get LLC
2011-05-21 12:11:40 -------- d-----w- c:\users\raj\appdata\local\MediaGet2
2011-05-21 12:06:00 -------- d-----w- c:\users\raj\appdata\local\SKIDROW
2011-05-19 17:44:14 -------- d-----w- c:\users\raj\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-18 06:30:18 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-05-11 06:00:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-08 07:16:33 -------- d-----w- c:\program files\SystemRequirementsLab
2011-05-01 13:05:32 -------- d-----w- c:\programdata\Blueberry
2011-05-01 12:33:34 -------- d-----w- c:\users\raj\appdata\roaming\Blueberry
2011-05-01 12:31:41 4608 ----a-w- c:\windows\system32\bbchlp.dll
2011-05-01 12:31:41 4096 ---ha-w- c:\windows\system32\drivers\bbcap.sys
2011-05-01 12:31:41 30720 ----a-w- c:\windows\system32\bbcap.dll
2011-05-01 12:31:23 -------- d-----w- c:\users\raj\appdata\roaming\LogSys
2011-05-01 12:31:22 -------- d-----w- c:\programdata\LogSys
2011-05-01 12:31:14 -------- d-----w- c:\program files\common files\Blueberry Software
2011-05-01 12:31:08 -------- d-----w- c:\program files\Blueberry Software
2011-04-30 16:57:56 -------- d-----w- c:\program files\HyCam2
.
==================== Find3M ====================
.
2011-04-28 13:34:50 53816 ---ha-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-06 20:49:32 218688 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 16:12:26.29 ===============
 
Attach.txt for DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2008 01:56:24
System Uptime: 30/05/2011 08:28:48 (8 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLA
Processor: AMD Phenom(tm) 8550 Triple-Core Processor | CPU 1 | 1100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 382.855 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.749 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP733: 02/05/2011 11:25:44 - Scheduled Checkpoint
RP734: 03/05/2011 07:34:57 - Scheduled Checkpoint
RP736: 03/05/2011 16:47:30 - Installed Rapport
RP737: 06/05/2011 12:19:19 - Scheduled Checkpoint
RP738: 10/05/2011 11:17:41 - Scheduled Checkpoint
RP739: 12/05/2011 17:40:47 - Windows Update
RP740: 13/05/2011 21:34:59 - Scheduled Checkpoint
RP741: 14/05/2011 09:51:09 - Scheduled Checkpoint
RP742: 15/05/2011 09:45:24 - Removed BBC iPlayer Desktop
RP743: 17/05/2011 12:13:06 - Scheduled Checkpoint
RP744: 17/05/2011 21:16:45 - Windows Modules Installer
RP745: 18/05/2011 17:05:32 - Scheduled Checkpoint
RP746: 21/05/2011 15:34:11 - Scheduled Checkpoint
RP747: 21/05/2011 16:55:37 - Restore Operation
RP905: 30/05/2011 13:48:21 - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20
ABBYY FineReader 6.0 Sprint
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS5
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Any Video Converter 3.1.7
AOL Toolbar 5.0
Apple Application Support
Apple Software Update
µTorrent
AutocompletePro
AviSynth 2.5
AVS Document Converter 1.0.3
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BB FlashBack Express
Belkin F5D8053 N Wireless USB Adapter
Cards_Calendar_OrderGift_DoMorePlugout
CDDRV_Installer
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Connect
Core FTP LE
Counter-Strike 1.6
CyberLink DVD Suite Deluxe
DAEMON Tools Lite
Driving Test Success - All Tests (2007-2008)
Driving Test Success - Hazard Perception (2009-2010)
DVD Play BD
Enhanced Multimedia Keyboard Solution
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
EPSON SX600FW Series Printer Uninstall
EpsonNet Config V3
erLT
Geekbench 2.1
Google SketchUp Pro 8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Product Detection
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Kaspersky PURE
KhalInstallWrapper
kuler
LabelPrint
LibUSB-Win32-0.1.10.1
LightScribe System Software 1.14.17.1
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Protection Service
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MioMore Desktop 2
Mozilla Thunderbird (3.1.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Oops!Backup
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
Quake Live Mozilla Plugin
Rapport
RocketDock 1.3.5
Safari
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype™ 5.1
Sony Picture Utility
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 8
Suite Shared Configuration CS4
SUPERAntiSpyware
Switcher 2.0.0
System Requirements Lab CYRI
Ulead Burn.Now 1.5
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 2MP UVC Camera
VideoToolkit01
VLC media player 1.0.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
30/05/2011 15:47:01, Error: MSFWDrv [9] - The device, , did not respond within the timeout period.
30/05/2011 15:41:56, Error: bowser [8003] - The master browser has received a server announcement from the computer SECRETASSASIN69 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2205C147-47D3-4539-BC31-34. The master browser is stopping or an election is being forced.
30/05/2011 12:51:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
30/05/2011 12:37:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.170.149.194 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
30/05/2011 12:36:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
30/05/2011 11:29:58, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
30/05/2011 08:30:36, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/05/2011 08:30:34, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/05/2011 08:30:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
30/05/2011 08:29:59, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 86.18.141.193:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 81.103.55.233:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 80.6.26.224:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.4:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.3:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.2:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.10:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.4:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.3:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.2:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.91.21:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.66.202:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.51.182:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.254.74:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.251.209:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.235.126:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.227.178:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.223.99:63331. The error status code is contained within the returned data.
30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.204.221:63331. The error status code is contained within the returned data.
29/05/2011 18:37:37, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.
29/05/2011 18:37:36, Error: Service Control Manager [7023] - The TPM Base Services service terminated with the following error: Access is denied.
29/05/2011 18:37:36, Error: Service Control Manager [7023] - The KtmRm for Distributed Transaction Coordinator service terminated with the following error: Access is denied.
29/05/2011 18:37:34, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {6295DF2D-35EE-11D1-8707-00C04FD93327} as /. The error: "5" Happened while starting this command: C:\Windows\System32\mobsync.exe -Embedding
29/05/2011 18:37:32, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: Access is denied.
29/05/2011 18:31:41, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
29/05/2011 18:31:39, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: Windows Font Cache Service is not a valid Win32 application.
29/05/2011 18:31:38, Error: Service Control Manager [7023] - The Windows Media Center Service Launcher service terminated with the following error: Access is denied.
29/05/2011 17:28:41, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
29/05/2011 14:36:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
29/05/2011 13:58:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
29/05/2011 12:30:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
29/05/2011 11:37:50, Error: bowser [8003] - The master browser has received a server announcement from the computer SECRETASSASIN69 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CF54F713-18D6-41CB-9BD7-5D. The master browser is stopping or an election is being forced.
29/05/2011 09:45:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
29/05/2011 09:44:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
29/05/2011 09:36:22, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 09:35:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
29/05/2011 09:35:34, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/05/2011 09:34:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/05/2011 09:34:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
29/05/2011 09:34:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/05/2011 09:34:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/05/2011 08:39:10, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
29/05/2011 08:39:10, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/05/2011 08:35:24, Error: EventLog [6008] - The previous system shutdown at 08:32:51 on 29/05/2011 was unexpected.
29/05/2011 08:30:12, Error: EventLog [6008] - The previous system shutdown at 08:27:54 on 29/05/2011 was unexpected.
28/05/2011 21:22:44, Error: EventLog [6008] - The previous system shutdown at 19:10:50 on 28/05/2011 was unexpected.
28/05/2011 18:54:13, Error: EventLog [6008] - The previous system shutdown at 18:49:26 on 28/05/2011 was unexpected.
28/05/2011 13:27:49, Error: Service Control Manager [7030] - The FsUsbExService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
27/05/2011 18:08:09, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.3 with the system having network hardware address 00-00-48-62-28-28. Network operations on this system may be disrupted as a result.
27/05/2011 07:02:15, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
25/05/2011 18:53:55, Error: EventLog [6008] - The previous system shutdown at 18:51:45 on 25/05/2011 was unexpected.
24/05/2011 20:57:23, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/05/2011 19:28:30, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/05/2011 19:28:30, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/05/2011 19:20:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
24/05/2011 18:22:02, Error: EventLog [6008] - The previous system shutdown at 18:18:08 on 24/05/2011 was unexpected.
24/05/2011 18:17:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
24/05/2011 18:17:14, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/05/2011 11:46:38, Error: EventLog [6008] - The previous system shutdown at 11:43:36 on 23/05/2011 was unexpected.
23/05/2011 11:43:17, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/05/2011 11:43:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
23/05/2011 11:43:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
23/05/2011 11:40:46, Error: EventLog [6008] - The previous system shutdown at 11:37:25 on 23/05/2011 was unexpected.
23/05/2011 11:36:35, Error: EventLog [6008] - The previous system shutdown at 11:33:37 on 23/05/2011 was unexpected.
23/05/2011 11:32:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
23/05/2011 11:32:15, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/05/2011 11:30:46, Error: EventLog [6008] - The previous system shutdown at 11:27:45 on 23/05/2011 was unexpected.
23/05/2011 11:26:43, Error: EventLog [6008] - The previous system shutdown at 11:23:02 on 23/05/2011 was unexpected.
23/05/2011 11:20:19, Error: EventLog [6008] - The previous system shutdown at 11:18:03 on 23/05/2011 was unexpected.
23/05/2011 11:16:13, Error: EventLog [6008] - The previous system shutdown at 11:13:02 on 23/05/2011 was unexpected.
23/05/2011 11:12:19, Error: EventLog [6008] - The previous system shutdown at 11:09:13 on 23/05/2011 was unexpected.
23/05/2011 11:05:30, Error: EventLog [6008] - The previous system shutdown at 11:02:48 on 23/05/2011 was unexpected.
23/05/2011 11:02:06, Error: EventLog [6008] - The previous system shutdown at 10:59:20 on 23/05/2011 was unexpected.
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================


=======================================
Please stay away from the FunWebSearch and similar sites. You do not get something for nothing! They are happy to put adware and spyware on the system.

If you are using any file sharing programs or sites, please do not use them while I am helping you. Again, free file sharing really isn't free!

Thanks for letting me know :) and will do. Also, there was a problem with running GMER; is it normal for it to take something around 3 / 4 hours to complete?

And also, what do you think is stopping me from getting on to the internet? I forgot to mention that I had quite a few BSoDs on this PC and I started a thread on that here. I'm not sure, but does that have anything to do with this?

Thanks again for your help
 
GMER does not load for me, so I have attached the error message and the system properties page, because in another forum I read that it does not work for people on Vista Home Premium because it is x64; my system is 32-bit, but it still doesn't work. GMER does not load even when it is run as administrator.
 

Attachments:
  • Error-Message.gif (12.8 KB)
  • System.gif (100.8 KB)
Please check these programs for contents:

AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
http://usa.kaspersky.com/products-services/home-computer-security/pure

SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
https://forums.comodo.com/guides-cis/setting-up-defense-for-maximum-security-t30473.0.html

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
c:\program files\SUPERAntiSpyware
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\trusteer\rapport
=====================================
Rule: One antivirus program
Rule: One firewall
2 or more antimalware programs
===================================
You are so over-protected that the programs are fighting to shut you down!!!
From the Event Viewer:
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6

cmdGuard is the Comodo firewall.

The I8042prt.sys is a system function driver found in Microsoft Windows 2000 and later versions for PS/2-style keyboard and mouse devices.

Rapportkell.sys with description RapportKE is a driver file from company Trusteer Ltd. belonging to product Rapport. Needs to be removed.

SASDIFSV and SASKUTIL are both Drivers for the Super Antispyware security software.

spldr is the Security Processor Loader Driver (Microsoft)

Wanarpv6.sys = Remote Access IPv6 ARP Driver
=========================================
Suggest you get the security in order. In attempting to lock others out, you have, literally, locked yourself in. Then we can check for malware. Also suggest you stick to one thread. The problems you have posted in several other threads currently (in the last week) are most likely related. Spreading them out over several threads is not going to work!
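For anyone reading along: the "AV:/FW:/SP:" lines quoted above come from the Windows Security Center registrations, and the same data can be pulled yourself to check the "one antivirus, one firewall" rule before uninstalling anything. The script below is an added illustration, not part of this thread and not any of the tools the helper uses. It assumes PowerShell 2.0 or later and the root\SecurityCenter2 WMI namespace (present on Vista and later); the productState decoding is the commonly used reading of that undocumented value, stated here as an assumption.

```powershell
# Added example (not from the thread, not the helper's tool): list the security
# products registered with Windows Security Center and flag overlapping real-time
# protection, i.e. more than one enabled antivirus or more than one enabled firewall.
# Assumes PowerShell 2.0+ and the root\SecurityCenter2 WMI namespace (Vista and later).
# productState is undocumented; the decoding below is the commonly used reading
# (assumption): hex digits 3-4 = enabled flag, hex digits 5-6 = signature state.

function Convert-ProductState {
    param([int]$ProductState)
    $hex = '{0:X6}' -f $ProductState            # e.g. 266240 -> "041000"
    $enabledByte = $hex.Substring(2, 2)
    $updatedByte = $hex.Substring(4, 2)
    New-Object PSObject -Property @{
        Enabled = @('10', '11') -contains $enabledByte
        Updated = ($updatedByte -eq '00')
    }
}

function Get-RegisteredSecurityProducts {
    # Map each WMI class to the two-letter tag DDS/ComboFix print in their log header
    $classes = @{
        'AntiVirusProduct'   = 'AV'
        'FirewallProduct'    = 'FW'
        'AntiSpywareProduct' = 'SP'
    }
    foreach ($class in $classes.Keys) {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in @($items)) {
            if ($p -eq $null) { continue }
            $state = Convert-ProductState $p.productState
            New-Object PSObject -Property @{
                Kind    = $classes[$class]
                Name    = $p.displayName
                Enabled = $state.Enabled
                Updated = $state.Updated
                Guid    = $p.instanceGuid
            }
        }
    }
}

function Format-ProductLine {
    # Same shape as the "AV: Kaspersky PURE *Disabled/Updated* {GUID}" lines in the log
    param($Product)
    $en = if ($Product.Enabled) { 'Enabled' } else { 'Disabled' }
    $up = if ($Product.Updated) { 'Updated' } else { 'Outdated' }
    '{0}: {1} *{2}/{3}* {4}' -f $Product.Kind, $Product.Name, $en, $up, $Product.Guid
}

function Test-ProtectionOverlap {
    # Rule from the post: one antivirus, one firewall. Returns one warning per violation.
    param($Products)
    $warnings = @()
    foreach ($kind in 'AV', 'FW') {
        $enabled = @($Products | Where-Object { $_.Kind -eq $kind -and $_.Enabled })
        if ($enabled.Count -gt 1) {
            $names = ($enabled | ForEach-Object { $_.Name }) -join ', '
            $warnings += "More than one enabled $kind product: $names"
        }
    }
    $warnings
}

$products = @(Get-RegisteredSecurityProducts)
$products | ForEach-Object { Format-ProductLine $_ }
$overlap = Test-ProtectionOverlap $products
if ($overlap.Count -eq 0) { 'No overlapping real-time protection registered.' } else { $overlap }
```

Run it from an elevated PowerShell prompt. Note that it only warns about products that report themselves as enabled; a product shown as *Disabled* (Kaspersky PURE in the log above) is still installed and still registers its kernel drivers, which is exactly what the "failed to load" driver list from the Event Viewer is showing, so a clean result here is not the same as having only one suite installed.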
 
OK, thanks for your help again. So I have now uninstalled Comodo AV and FW. BTW, what's SP? Anyway, the internet access is working now; I think there may have been a conflict between the two programs that stopped me from accessing the internet? GMER still won't work, please help!!
 
Run these instead:

Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download link (an image in the original post) to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon (esetSmartInstallDesktopIcon.png) on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
==========================================================================
COMBO FIX LOG
==========================================================================
ComboFix 11-05-30.07 - Raj 31/05/2011 7:52.1.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2328 [GMT 1:00]
Running from: c:\users\Raj\AppData\Local\Temp\9357gxlj.tmp\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}
c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\chrome.manifest
c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\chrome\content\_cfg.js
c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\chrome\content\overlay.xul
c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\install.rdf
c:\users\Raj\AppData\Roaming\.#
c:\users\Raj\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\jusched.exe
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 07:11 . 2011-05-31 07:18 -------- d-----w- c:\users\Raj\AppData\Local\temp
2011-05-31 07:11 . 2011-05-31 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 15:05 . 2011-05-30 15:05 -------- d-----w- C:\VritualRoot
2011-05-30 14:47 . 2011-05-30 16:14 -------- d-----w- c:\users\Raj\AppData\Local\Adobe
2011-05-29 16:49 . 2011-05-29 16:49 -------- d-----w- c:\program files\Safari
2011-05-29 16:47 . 2011-05-29 16:47 -------- d-----w- c:\program files\Common Files\Apple
2011-05-29 16:47 . 2011-05-29 16:47 -------- d-----w- c:\program files\Apple Software Update
2011-05-29 13:52 . 2011-05-29 14:16 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-29 13:52 . 2011-05-29 14:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-29 13:51 . 2009-12-14 11:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-05-29 13:51 . 2009-12-14 11:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-05-29 13:49 . 2011-05-29 13:49 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-05-29 13:49 . 2011-05-29 13:49 -------- d-----w- c:\program files\Kaspersky Lab
2011-05-29 13:18 . 2011-05-29 13:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\users\Raj\AppData\Roaming\SUPERAntiSpyware.com
2011-05-29 11:04 . 2011-05-29 11:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\users\Raj\AppData\Roaming\Malwarebytes
2011-05-29 08:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 08:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:30 . 2010-04-27 02:25 98432 ---ha-w- c:\windows\system32\drivers\ss_bbus.sys
2011-05-28 12:30 . 2010-04-27 02:25 14848 ---ha-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-05-28 12:30 . 2010-04-27 02:25 12416 ---ha-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-05-28 12:30 . 2010-04-27 02:25 12416 ---ha-w- c:\windows\system32\drivers\ss_bcm.sys
2011-05-28 12:30 . 2010-04-27 02:25 123648 ---ha-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-05-28 12:30 . 2010-04-27 02:25 12288 ---ha-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-05-28 12:30 . 2010-04-27 02:25 12288 ---ha-w- c:\windows\system32\drivers\ss_bwh.sys
2011-05-28 12:26 . 2011-05-28 12:26 -------- d-----w- c:\program files\MarkAny
2011-05-28 12:03 . 2011-05-28 12:03 -------- d-----w- c:\users\Raj\AppData\Local\Downloaded Installations
2011-05-28 06:37 . 2011-05-28 06:37 -------- d-----w- c:\users\Raj\AppData\Roaming\CoreFTP
2011-05-28 06:37 . 2011-05-28 06:37 -------- d-----w- c:\program files\CoreFTP
2011-05-28 06:31 . 2011-05-30 21:47 -------- d-----w- c:\users\Raj\AppData\Local\Altaro
2011-05-28 06:31 . 2011-05-30 21:52 -------- d-----w- c:\programdata\OopsBackup
2011-05-26 15:14 . 2011-05-26 15:14 -------- d-----w- c:\programdata\Samsung
2011-05-26 06:09 . 2011-05-28 06:30 -------- d-----w- c:\users\Raj\AppData\Local\Mango_Enterprise_-_http__
2011-05-22 15:27 . 2011-05-22 15:27 -------- d-----w- c:\program files\AGEIA Technologies
2011-05-22 15:27 . 2011-05-22 15:27 -------- d-----w- c:\windows\system32\AGEIA
2011-05-22 15:27 . 2011-05-22 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-05-22 14:37 . 2011-05-22 14:37 -------- d-----w- c:\program files\7-Zip
2011-05-22 07:17 . 2009-10-22 12:54 37392 ---ha-w- c:\windows\system32\drivers\20609872.sys
2011-05-22 07:17 . 2009-10-09 22:31 311312 ---ha-w- c:\windows\system32\drivers\2060987.sys
2011-05-22 07:17 . 2009-09-25 16:59 128016 ---ha-w- c:\windows\system32\drivers\20609871.sys
2011-05-21 18:02 . 2011-05-24 18:12 -------- d-----w- c:\program files\RegDefense
2011-05-21 16:35 . 2011-05-21 16:35 -------- d-----w- c:\users\Raj\AppData\Roaming\ParetoLogic
2011-05-21 16:35 . 2011-05-21 16:35 -------- d-----w- c:\users\Raj\AppData\Roaming\DriverCure
2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\programdata\ParetoLogic
2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\program files\ParetoLogic
2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-05-21 12:37 . 2011-05-21 14:42 -------- d-----w- c:\program files\Hide My IP
2011-05-21 12:11 . 2011-05-21 12:11 -------- d-----w- c:\users\Raj\AppData\Local\Media Get LLC
2011-05-21 12:11 . 2011-05-21 12:11 -------- d-----w- c:\users\Raj\AppData\Local\MediaGet2
2011-05-21 12:06 . 2011-05-21 12:06 -------- d-----w- c:\users\Raj\AppData\Local\SKIDROW
2011-05-19 17:44 . 2011-05-19 17:44 -------- d-----w- c:\users\Raj\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-18 17:04 . 2011-05-18 17:04 -------- d-----w- c:\windows\Sun
2011-05-18 06:30 . 2011-05-18 06:30 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-11 06:00 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-08 07:16 . 2011-05-08 07:16 -------- d-----w- c:\program files\SystemRequirementsLab
2011-05-08 07:16 . 2011-05-08 07:16 -------- d-----w- c:\users\Raj\AppData\Roaming\SystemRequirementsLab
2011-05-01 13:05 . 2011-05-01 13:12 -------- d-----w- c:\programdata\Blueberry
2011-05-01 12:33 . 2011-05-01 13:12 -------- d-----w- c:\users\Raj\AppData\Roaming\Blueberry
2011-05-01 12:31 . 2011-05-01 12:31 4608 ----a-w- c:\windows\system32\bbchlp.dll
2011-05-01 12:31 . 2011-05-01 12:31 4096 ---ha-w- c:\windows\system32\drivers\bbcap.sys
2011-05-01 12:31 . 2011-05-01 12:31 30720 ----a-w- c:\windows\system32\bbcap.dll
2011-05-01 12:31 . 2011-05-01 12:33 -------- d-----w- c:\users\Raj\AppData\Roaming\LogSys
2011-05-01 12:31 . 2011-05-01 12:31 -------- d-----w- c:\programdata\LogSys
2011-05-01 12:31 . 2011-05-01 12:31 -------- d-----w- c:\program files\Common Files\Blueberry Software
2011-05-01 12:31 . 2011-05-01 12:31 -------- d-----w- c:\program files\Blueberry Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 13:34 . 2011-04-28 13:34 53816 ---ha-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-13 06:06 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-13 06:06 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 20:49 . 2011-04-06 20:49 218688 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-12 21:55 . 2011-04-28 15:29 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 06:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 06:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 06:28 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 15:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 15:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 15:29 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 15:29 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 15:29 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 15:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-15 06:28 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 06:28 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 21:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-04 18:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAMONITOR]
2007-10-16 17:32 249856 ----a-w- c:\program files\USB2.0 2MP UVC Camera\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-05-07 15:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX600FW Series]
2008-03-05 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON622828]
2008-03-05 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-05 21:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2008-06-06 18:17 203296 ----a-w- c:\windows\System32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 13:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-04-07 01:56 132760 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-23 15:00 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher]
2007-10-28 11:35 425984 ----a-w- c:\program files\Switcher\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-17 18:18 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3699171474-4233505151-127562807-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\Raj\AppData\Local\Temp\ALSysIO.sys [x]
R3 Ca810av;CA810A WebCam Driver;c:\windows\system32\Drivers\Ca810av.sys [2007-10-16 2329216]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmvmdm.sys [2007-03-27 92032]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
R4 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S0 20609872;20609872 Boot Guard Driver;c:\windows\system32\DRIVERS\20609872.sys [2009-10-22 37392]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]
S1 20609871;20609871;c:\windows\system32\DRIVERS\20609871.sys [2009-09-25 128016]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-06 218688]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-07 390528]
S1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [2011-05-02 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [2008-06-11 61424]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-05-01 4096]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.2;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-30 29184]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\HPCeeScheduleForRaj.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-23 19:03]
.
2011-05-31 c:\windows\Tasks\User_Feed_Synchronization-{2BDB8D55-462F-4297-B3C2-3FE801E7AF2E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{83F776CF-6AFD-44E8-A640-222AA9C9262F}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-WinDefender - c:\users\Raj\AppData\Roaming\svchost.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7136)
c:\windows\System32\NLSData0009.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2011-05-31 08:30:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-31 07:30
.
Pre-Run: 418,783,600,640 bytes free
Post-Run: 418,024,968,192 bytes free
.
- - End Of File - - 5E0BE6253A360D83054F1EFEF044E1CF
==========================================================================
 
Results of ESET Scan

===================================================================
C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll a variant of Win32/Kryptik.KNA trojan
===================================================================
 
Sorry for delay- we've been swamped!

For Eset:
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll
    C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================================
If you have anything from iWon> Delete it
IWon.com is a free casual game site and web portal that offers the chance to win cash and prizes through activities such as clicking through links or playing online games.
It's a dirty site. Delete or uninstall all entries.
==================================
STOP adding security:> C:\VirtualRoot
Be careful where and what you download. You installed at least 9 new programs between 5/21-5/30/2011. You were already having BSODs, you could only boot into Safe Mode and you had malware. I am reasonably certain that the malware resulted from 1. Excessive security. 2. Bad download or bad site
===================================
FYI: AV=antivirus, FW=firewall, SP=spyware (antimalware) programs.
=====================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved, and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
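The helper above asks for a HijackThis log and warns that most of what it lists is harmless, so the first job with such a log is reading it, not fixing it. As an added example, not code from this thread or from HijackThis itself, the Python script below parses log lines in the R/O-numbered format the thread shows and pulls out the entries a helper checks first: BHOs whose file is missing ("(no file)"), Run-key autostarts, AppInit_DLLs, and per-interface NameServer overrides. The sample lines are constructed from the formats in this thread; nothing here changes the machine.

```python
"""Added example (not code from this thread or from the HijackThis project).

Reads HijackThis-style log lines and groups the entries a helper normally
looks at first. It only reads text; it never touches the registry or files.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the formats posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
O17 - HKLM\System\CCS\Services\Tcpip\..\{83F776CF-6AFD-44E8-A640-222AA9C9262F}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"""


@dataclass
class Entry:
    section: str  # "R0", "O2", "O17", ...
    body: str     # everything after "Oxx - "


# A log line is "<section> - <body>"; sections are R0..R3, F0..F3, O1..O24.
LINE_RE = re.compile(r"^([RF]\d|O\d{1,2}) - (.*)$")
NO_FILE_RE = re.compile(r"\(no file\)\s*$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
O20_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.*)$")


def parse_log(text):
    """Turn raw log text into Entry objects, skipping headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Group the entries a helper reads first. Nothing is judged malicious here;
    the output is a reading aid, which is why the helper says not to fix yet."""
    report = {
        "missing_file": [],   # O2 BHOs whose DLL is gone (leftover registration)
        "autostarts": [],     # O4 Run-key entries as (hive, name, command)
        "appinit_dlls": [],   # O20 DLLs loaded into every GUI process
        "dns_overrides": [],  # O17 per-interface NameServer values
    }
    for e in entries:
        if e.section == "O2" and NO_FILE_RE.search(e.body):
            report["missing_file"].append(e.body)
        elif e.section == "O4":
            m = O4_RE.match(e.body)
            if m:
                report["autostarts"].append((m["hive"], m["name"], m["cmd"]))
        elif e.section == "O20":
            m = O20_RE.match(e.body)
            if m:
                report["appinit_dlls"].extend(d.strip() for d in m["dlls"].split(","))
        elif e.section == "O17":
            m = O17_RE.search(e.body)
            if m:
                report["dns_overrides"].extend(m["servers"].split(","))
    return report


if __name__ == "__main__":
    rep = triage(parse_log(SAMPLE_LOG))
    for key, items in rep.items():
        print(f"{key} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Run it against a real HijackThis log by reading the file into `parse_log` instead of `SAMPLE_LOG`; the "missing_file" group is the usual first clean-up candidate, while the DNS and AppInit entries are there to be compared against what the owner expects (the router address and the installed security suite, in this thread's case) rather than removed on sight.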
 
All processes killed
========== FILES ==========
C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll
C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Raj
->Temp folder emptied: 176974395 bytes
->Temporary Internet Files folder emptied: 18303444 bytes
->Java cache emptied: 112029 bytes
->FireFox cache emptied: 65707216 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 20740096 bytes
->Flash cache emptied: 3207099 bytes

User: RAJ_2
->Temp folder emptied: 0 bytes

User: SHUBHAM.Kalyan
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 542 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49406726 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 331 bytes
RecycleBin emptied: 30883311 bytes

Total Files Cleaned = 348.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06052011_170821

Files moved on Reboot...
File C:\Users\Raj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4JMZ8RPM(38)\8a005e39ea57a367bc4b3140393fb470097cc658d530a0f37ee95e09b5401ca19e4a93320904af6a357b56e0345c9cb9e8c605e4dd58d5e1179c1d52b9cb0e7f8668fd41a97a11698d26029a738d[1].txt not found!
File C:\Users\Raj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18OPDXCH(36)\bbf4838ee9360caf26a4216076ca1f28ea7500a7f77b314c842af436e80365137160fb24087da950d631a4e471f90d0be6404ea1cd14c6610d50ab6e332356b4355c9be4bc9013ff951d03bf1b5f[1].txt not found!

Registry entries deleted on Reboot...
==========================================================================
btw in C:\Virtual Root there is only a folder named dds.scr which you told me to install
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:17:40, on 05/06/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Switcher\Switcher.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msfeedssync.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83F776CF-6AFD-44E8-A640-222AA9C9262F}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8223 bytes

====================================================================================================================
Once again thank you for the help i appreciate it very much. :)
 
You're welcome. Just a few entries in HJT to remove:

Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
See Option 1

Option 1: You may have used GoToAssist at one time for remote help. IF you are not using this now, you should stop this process and remove the program.

Close all Windows except HijackThis and click on "Fix Checked."
======================================
C:\Virtual Root is the renamed "Sandbox" for the Comodo Internet Security. It is a new feature added into the newest Comodo Internet Security 4.
Supposedly, a program is placed in that directory if the security status cannot be immediately identified. In some instances, this will allow the program to be run safely without alerts while it is investigated (eg via CIMA) by Comodo.

It can have some drawbacks; the following may be experienced:
- installers do not work if sandboxed (?may never be implemented - too difficult in 64 bit?)
- automatic investigation by Comodo is not enabled
- automatic sandboxing does not include virtualisation of program data

Many don't realize that too much security can make a system more vulnerable, not less. When you are tempted to add any security, be sure you understand its purpose and contents.

Has the internet connection been restored? Are there any malware-related problems remaining?
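The entries the helper picked out above fall into a few recognisable categories: R0 entries with an empty value, O2 BHOs whose DLL is gone ("(no file)"), and O20 Winlogon Notify DLLs from software that may no longer be used. As an added illustration (not the helper's or HijackThis's own code), this script applies those three triage rules to constructed sample lines in HijackThis log format.

```python
import re

# Constructed sample in HijackThis format, modelled on the categories flagged in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O20 - Winlogon Notify: GoToAssist - C:\\Program Files\\Citrix\\GoToAssist\\570\\G2AWinLogon.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\\Program Files\\Kaspersky Lab\\Kaspersky PURE\\avp.exe
"""

# HijackThis lines start with a section code (R0, O2, O20, ...) followed by " - ".
SECTION_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def triage_hjt(text):
    """Return (line, reason) pairs for entries a log reviewer would look at first.

    The rules mirror the three kinds of entry flagged in the thread; everything
    else is left alone, since a clean-looking entry is not evidence of anything.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        if section == "R0" and body.endswith("="):
            findings.append((line, "R0 value is empty: harmless leftover, safe to fix"))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((line, "orphaned BHO: CLSID still registered but its DLL is missing"))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            findings.append((line, "Winlogon Notify DLL loads at every logon; remove if the program is no longer used"))
    return findings


if __name__ == "__main__":
    for line, reason in triage_hjt(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```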
 
Thank you, the internet connection was restored quite a while ago and currently there aren't any malware problems that I can see.
 
You're welcome. You can remove the cleaning tools now:

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name > click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if you have any more questions.
 