
Programs will not open or not respond [Solved]



#1
HOH_Virus

  • Member
  • 83 posts
I have been working on this all day but no solutions!! I try to run SUPERAntiSpyware; it opens, then just freezes up and does not respond at all. When I go to the Task Manager to try to end SAS, it just sits there. Basically the only way I can get it to close is shutting down. Then I try to open Malwarebytes: I click on the icon, it opens a window asking if I will allow Malwarebytes to make changes, I click yes, then nothing. Also I have tried to open up iTunes and Vuze and they will not open either! Any suggestions will be appreciated! :)

Also I noticed SAS will open and run but quits responding as soon as you hit the scan my computer button.

Edited by HOH_Virus, 18 February 2010 - 04:02 PM.


#2
HOH_Virus

  • Topic Starter
  • Member
  • 83 posts
I posted a couple hours ago but did not get any response, and things have taken a turn for the worse. I will try to explain as much as I can. First, hardly any programs will open, especially ones that connect to the web. No spyware I try to either run, install, or uninstall will do so. SUPERAntiSpyware opens but as soon as you click the scan button it stops responding. Malwarebytes will not open at all; iTunes will not open. And I even tried a system restore to an earlier date and I get a message saying creation of a shadow copy timed out. When I try to restart, Windows gets stuck on the logging off screen and I have to hold down the power button. Then the latest! I rebooted and my wireless icon on the bottom is gone. I went in the Control Panel and I can see my access point, but when I try to repair, it gets stuck trying to do that. Now the cursor has the blue circle just blinking beside it about every two seconds. I have tried everything and have been working on this since about 1 this afternoon; any suggestions will be helpful.

#3
JSntgRvr

  • Global Moderator
  • 11,579 posts
Hi, HOH_Virus :)

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure that only the following are CHECKED ...
    • IAT/EAT
    • Devices
    • Processes
    • Threads
    • Drives/Partition other than Systemdrive (typically C:\)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop and post its contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


#4
HOH_Virus

  • Topic Starter
  • Member
  • 83 posts
I tried running gmer.exe; it gives me the error C:Windows\system32\config\system: the system cannot find the file specified. I click OK and all the areas you told me to check are shaded out.
I had to put the GMER on an external hard drive and extract it in safe mode because it will not allow me into my computer screen.

#5
JSntgRvr

  • Global Moderator
  • 11,579 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.


#6
HOH_Virus

  • Topic Starter
  • Member
  • 83 posts
OTL.TXT

OTL logfile created on: 2/18/2010 7:56:14 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.05 Gb Total Space | 75.71 Gb Free Space | 26.56% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 2.03 Gb Free Space | 15.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.74 Gb Total Space | 3.74 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive H: | 3.68 Gb Total Space | 3.38 Gb Free Space | 91.73% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2010/02/02 00:13:34 | 000,049,152 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe
PRC - [2010/01/24 21:06:16 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/24 20:59:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2010/01/07 15:56:40 | 000,504,320 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/21 15:36:12 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/09/20 12:36:12 | 000,270,336 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/09/20 12:07:24 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/09/20 12:07:24 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 13:09:39 | 001,150,016 | ---- | M] (NBC Universal) -- C:\Program Files (x86)\NBC Direct\DirectPlayerCore.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/08 19:32:38 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 18:34:24 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/19 12:14:06 | 000,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/10/23 15:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/10/22 13:32:20 | 000,628,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/10/10 15:24:44 | 000,206,128 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/15 09:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/06/09 12:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 12:16:32 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
MOD - [2009/07/13 20:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/20 14:28:16 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/21 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/04/24 14:47:59 | 001,032,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/04/24 14:47:53 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2009/03/01 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2010/01/08 20:46:12 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/21 15:36:16 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/20 12:36:12 | 000,249,344 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/09/20 12:24:02 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/20 14:25:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/04/24 14:47:44 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/11/19 12:14:06 | 000,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/10/23 15:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/10/09 10:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/15 09:13:38 | 000,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/06/09 12:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ie.redirect.h...vilion&pf=cnnb"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/25 23:41:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/02/18 17:30:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/23 06:37:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/24 20:59:34 | 000,000,000 | ---D | M]

[2009/12/23 01:37:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2009/12/10 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/08/15 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/18 02:45:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\u2pfd47f.default\extensions
[2009/12/23 01:37:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\u2pfd47f.default\extensions\[email protected]
[2009/12/23 01:37:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\u2pfd47f.default\extensions\[email protected]
[2010/01/24 20:59:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [qonolmsys] c:\users\matt\appdata\local\temp\ssrrro.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinsysMon] C:\Users\Matt\AppData\Local\Temp\nsu2425.tmp\googletoolbar.exe File not found
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DirectPlayerCore] C:\Program Files (x86)\NBC Direct\DirectPlayerCore.exe (NBC Universal)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [mmcmsxmlClient] C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe ()
O4 - HKCU..\Run: [opomlksys] c:\users\matt\appdata\local\temp\ssrrro.DLL ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKCU..\Run: [upbrowseGame] C:\Users\Matt\AppData\Local\upbrowseGame\upbrowseGame.DLL ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindow...PProdDetect.cab (HP Product Detection Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} http://afocx.afreeca.../AFC/OpenTV.cab (OpenTV Control)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\PR19.DLL) - C:\Windows\SysWOW64\PR19.DLL ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\BlackGold3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\BlackGold3.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c11d931-faea-11de-a8e1-001bdc002303}\Shell - "" = AutoRun
O33 - MountPoints2\{8c11d931-faea-11de-a8e1-001bdc002303}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/18 19:51:33 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/02/18 17:30:17 | 000,029,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010/02/18 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/02/18 17:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/02/18 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\AVG8
[2010/02/18 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/02/18 14:32:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/18 14:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/17 20:14:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TuneUpMedia
[2010/02/17 17:04:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010/02/12 02:47:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\dBpoweramp
[2010/02/12 01:26:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\DWP
[2010/02/10 01:47:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\MIXXX
[2010/02/09 01:49:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\paper planes
[2010/02/08 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\PokerFace
[2010/02/08 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\AudioMulch 2.0
[2010/02/08 01:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server
[2010/02/07 23:22:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/06 23:20:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Interpol
[2010/02/06 15:17:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Tecno beats
[2010/02/06 02:24:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Its a Knife party
[2010/02/05 21:19:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Drum Loop Tracks
[2009/11/17 18:38:00 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2009/11/17 18:38:00 | 000,368,640 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2009/11/17 18:38:00 | 000,348,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2009/11/17 18:37:58 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2009/11/17 18:37:57 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2009/11/17 18:37:57 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2009/11/17 18:37:56 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2009/11/17 18:37:56 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2009/11/17 18:37:55 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/18 19:58:51 | 004,194,304 | -HS- | M] () -- C:\Users\Matt\ntuser.dat
[2010/02/18 19:52:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/18 19:52:20 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/18 19:52:20 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/02/18 19:47:06 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 19:47:06 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 19:39:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/18 19:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/18 19:38:20 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 19:15:38 | 000,284,915 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.zip
[2010/02/18 17:30:17 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010/02/18 16:38:48 | 000,001,849 | ---- | M] () -- C:\Users\Matt\Desktop\CCleaner.lnk
[2010/02/17 03:35:16 | 000,168,892 | ---- | M] () -- C:\Users\Matt\Desktop\Coach_Box_Set_Retail_DVD-5_Full_(Seasons_1___2___3).5018330.TPB.torrent
[2010/02/15 15:38:36 | 000,050,060 | ---- | M] () -- C:\Users\Matt\Documents\021500_1535[00].jpg
[2010/02/15 15:34:29 | 000,046,579 | ---- | M] () -- C:\Users\Matt\Documents\021500_1521[00].jpg
[2010/02/15 01:55:31 | 000,018,211 | ---- | M] () -- C:\Users\Matt\Desktop\LifeCycleManagementAnalysis.docx
[2010/02/15 00:29:35 | 000,039,936 | ---- | M] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis_2.doc
[2010/02/15 00:29:24 | 000,037,376 | ---- | M] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis1.doc
[2010/02/13 13:45:58 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job
[2010/02/12 01:29:40 | 000,537,322 | ---- | M] () -- C:\Users\Matt\Desktop\2.wav
[2010/02/12 01:06:33 | 034,455,596 | ---- | M] () -- C:\Users\Matt\Desktop\FistfulofSteel.wav
[2010/02/11 22:36:11 | 001,048,576 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.2.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.1.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.0.regtrans-ms
[2010/02/11 22:36:11 | 000,065,536 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.blf
[2010/02/10 18:15:45 | 000,029,184 | ---- | M] () -- C:\Users\Matt\Documents\2009_2010_Actual(1).xls
[2010/02/08 16:07:41 | 017,880,300 | ---- | M] () -- C:\Users\Matt\Desktop\Mix1.wav
[2010/02/08 16:07:41 | 000,174,664 | ---- | M] () -- C:\Users\Matt\Desktop\Mix1.pk
[2010/02/08 01:00:26 | 000,001,163 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010/02/06 16:14:30 | 000,286,050 | ---- | M] () -- C:\Users\Matt\Desktop\Rightaboutnow.wav
[2010/02/05 21:39:14 | 000,611,268 | ---- | M] () -- C:\Users\Matt\Desktop\VideophoneDrum1.wav
[2010/02/05 21:27:08 | 000,475,714 | ---- | M] () -- C:\Users\Matt\Desktop\IceCreamDrum3.wav
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 19:34:48 | 000,293,376 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.exe
[2010/02/18 19:34:28 | 000,284,915 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.zip
[2010/02/18 16:38:48 | 000,001,849 | ---- | C] () -- C:\Users\Matt\Desktop\CCleaner.lnk
[2010/02/17 03:35:10 | 000,168,892 | ---- | C] () -- C:\Users\Matt\Desktop\Coach_Box_Set_Retail_DVD-5_Full_(Seasons_1___2___3).5018330.TPB.torrent
[2010/02/15 15:38:35 | 000,050,060 | ---- | C] () -- C:\Users\Matt\Documents\021500_1535[00].jpg
[2010/02/15 15:34:28 | 000,046,579 | ---- | C] () -- C:\Users\Matt\Documents\021500_1521[00].jpg
[2010/02/15 01:55:26 | 000,018,211 | ---- | C] () -- C:\Users\Matt\Desktop\LifeCycleManagementAnalysis.docx
[2010/02/15 00:29:34 | 000,039,936 | ---- | C] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis_2.doc
[2010/02/15 00:29:22 | 000,037,376 | ---- | C] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis1.doc
[2010/02/14 15:45:26 | 734,605,836 | ---- | C] () -- C:\Users\Matt\Desktop\camelot-uita.avi
[2010/02/12 01:29:39 | 000,537,322 | ---- | C] () -- C:\Users\Matt\Desktop\2.wav
[2010/02/12 01:03:07 | 034,455,596 | ---- | C] () -- C:\Users\Matt\Desktop\FistfulofSteel.wav
[2010/02/11 22:36:11 | 001,048,576 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.2.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.1.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.0.regtrans-ms
[2010/02/11 22:36:11 | 000,065,536 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.blf
[2010/02/10 18:15:42 | 000,029,184 | ---- | C] () -- C:\Users\Matt\Documents\2009_2010_Actual(1).xls
[2010/02/08 16:04:34 | 000,174,664 | ---- | C] () -- C:\Users\Matt\Desktop\Mix1.pk
[2010/02/08 16:02:03 | 017,880,300 | ---- | C] () -- C:\Users\Matt\Desktop\Mix1.wav
[2010/02/08 01:00:26 | 000,001,163 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010/02/06 16:14:29 | 000,286,050 | ---- | C] () -- C:\Users\Matt\Desktop\Rightaboutnow.wav
[2010/02/05 21:39:13 | 000,611,268 | ---- | C] () -- C:\Users\Matt\Desktop\VideophoneDrum1.wav
[2010/02/05 21:27:07 | 000,475,714 | ---- | C] () -- C:\Users\Matt\Desktop\IceCreamDrum3.wav
[2010/01/25 23:36:58 | 000,001,809 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/11 19:43:46 | 000,000,001 | -H-- | C] () -- C:\Windows\mulch200.ini
[2010/01/05 13:33:09 | 000,000,556 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2010/01/04 01:54:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\PR19.DLL
[2010/01/02 23:31:14 | 000,107,520 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\install.config.exe
[2009/12/23 02:21:35 | 000,096,888 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/23 02:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\QSwitch.txt
[2009/12/23 02:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\DSwitch.txt
[2009/12/23 02:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\AtStart.txt
[2009/12/23 02:20:57 | 000,011,880 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2009/12/03 11:41:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/17 18:38:01 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2009/11/17 18:38:01 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2009/11/17 18:38:00 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2009/11/17 18:38:00 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2009/11/17 18:38:00 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2009/11/17 18:37:59 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2009/11/17 18:37:59 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2009/11/17 18:37:58 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2009/11/17 18:37:58 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2009/11/17 18:37:07 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2009/11/17 18:37:06 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2009/08/16 21:56:20 | 000,000,042 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/12/23 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.purple
[2010/01/28 00:44:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ableton
[2009/12/23 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2009/12/23 01:36:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2010/02/18 16:51:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Azureus
[2010/02/04 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Broderbund
[2010/01/23 06:37:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools
[2010/02/03 16:25:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2010/02/12 02:47:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\dBpoweramp
[2009/12/02 03:10:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GrabPro
[2009/12/23 01:36:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IDM
[2009/12/23 01:36:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Individual Software
[2010/02/17 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LimeWire
[2010/02/03 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\mmcmsxmlClient
[2010/02/17 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NBC Direct
[2009/12/23 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Orbit
[2009/12/23 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Palo Alto Software
[2010/01/08 23:52:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2010/01/08 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2009/12/23 01:37:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\StreamTorrent
[2009/12/23 01:37:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2010/02/17 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2009/12/23 01:37:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TomTom
[2010/02/18 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUpMedia
[2010/01/23 06:37:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,023,382 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/23 03:37:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/18 19:38:20 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/04 18:37:55 | 000,000,365 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2002/01/05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
[2002/01/05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2010/02/18 19:38:29 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys
[2009/09/01 15:17:43 | 000,000,204 | ---- | M] () -- C:\Plugins


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

#7
HOH_Virus

Extras.txt

OTL Extras logfile created on: 2/18/2010 7:56:14 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.05 Gb Total Space | 75.71 Gb Free Space | 26.56% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 2.03 Gb Free Space | 15.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3.74 Gb Total Space | 3.74 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive H: | 3.68 Gb Total Space | 3.38 Gb Free Space | 91.73% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E5A24F8D-40E1-45CB-B509-81186D795735}" = HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20585CDC-114E-4372-986A-0686B1A37A30}" = Business Plan Pro 2007
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9795B0-EAA2-012B-AEEE-000000000000}" = TurboTax 2009 wwviper
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{405dfe30-f270-40ef-a844-b4e7d2caf691}" = Nero 9
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C12E000-7B3C-415C-9880-946C1400262E}" = Air Mouse Server
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{543BDDCD-E230-4F37-881B-4900B833BBD7}" = C6300
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CE9B20A-6C15-48A3-99A5-02C9A3E389EF}" = PS_AIO_04_C6300_Software_Min
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}" = Sound Forge Pro 10.0
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F}" = NBC Direct
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection
"AIM_6" = AIM 6
"ASIO4ALL" = ASIO4ALL
"AudioMulch Interactive Music Studio_is1" = AudioMulch Interactive Music Studio 2.0.2
"AVG9Uninstall" = AVG 9.0
"AVI to DVD Converter" = AVI to DVD Converter
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HaaliMkx" = Haali Media Splitter
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"IL Download Manager" = IL Download Manager
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire 5.2.13
"Live 8.1" = Live 8.1
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PoiZone" = PoiZone
"ResumeMaker Professional" = ResumeMaker Professional
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"TurboTax 2009" = TurboTax 2009
"VLC media player" = VLC media player 1.0.1
"WebDesigner" = Microsoft Expression Web
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"idm_flash" = IDM Flash 4.4.0.468
"Move Media Player" = Move Media Player
"NBC Direct" = NBC Direct

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8
JSntgRvr

  • Global Moderator
  • 11,579 posts

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    PRC - [2010/02/02 00:13:34 | 000,049,152 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [qonolmsys] c:\users\matt\appdata\local\temp\ssrrro.DLL ()
    O4 - HKLM..\Run: [WinsysMon] C:\Users\Matt\AppData\Local\Temp\nsu2425.tmp\googletoolbar.exe File not found
    O4 - HKCU..\Run: [mmcmsxmlClient] C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe ()
    O4 - HKCU..\Run: [opomlksys] c:\users\matt\appdata\local\temp\ssrrro.DLL ()
    O4 - HKCU..\Run: [upbrowseGame] C:\Users\Matt\AppData\Local\upbrowseGame\upbrowseGame.DLL ()
    O20 - AppInit_DLLs: (C:\Windows\system32\PR19.DLL) - C:\Windows\SysWOW64\PR19.DLL () adobemedia.exe

    :Files
    C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe
    c:\users\matt\appdata\local\temp\ssrrro.DLL
    C:\Users\Matt\AppData\Local\Temp\nsu2425.tmp\googletoolbar.exe
    C:\Users\Matt\AppData\Local\upbrowseGame\upbrowseGame.DLL
    C:\Windows\SysWOW64\PR19.DLL

    :Commands
    [EMPTYTEMP]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
Run OTL as follows:
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.
Run Malwarebytes as follows:
  • Launch and update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
HOH_Virus

  • Topic Starter
  • Member
  • 83 posts
All processes killed
========== OTL ==========
No active process named mmcmsxmlClient.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qonolmsys deleted successfully.
c:\Users\Matt\AppData\Local\Temp\ssrrro.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinsysMon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mmcmsxmlClient deleted successfully.
C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\opomlksys deleted successfully.
File c:\users\matt\appdata\local\temp\ssrrro.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\upbrowseGame deleted successfully.
C:\Users\Matt\AppData\Local\upbrowseGame\upbrowseGame.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\PR19.DLL deleted successfully.
File C:\Windows\SysWOW64\PR19.DLL () adobemedia.exe not found.
========== FILES ==========
File\Folder C:\Users\Matt\AppData\Roaming\mmcmsxmlClient\mmcmsxmlClient.exe not found.
File\Folder c:\users\matt\appdata\local\temp\ssrrro.DLL not found.
File\Folder C:\Users\Matt\AppData\Local\Temp\nsu2425.tmp\googletoolbar.exe not found.
File\Folder C:\Users\Matt\AppData\Local\upbrowseGame\upbrowseGame.DLL not found.
C:\Windows\SysWOW64\PR19.DLL moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 506438001 bytes
->Temporary Internet Files folder emptied: 28068520 bytes
->Java cache emptied: 14183074 bytes
->FireFox cache emptied: 42072655 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 564.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02182010_223355

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF18C628333A816D7A.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF4E2C02941C4BD6FC.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF6E0AC47471C0FED7.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF85578DC164D35B3B.TMP not found!
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3LMTNO7\iframe[1].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3LMTNO7\Programs-will-not-open-not-respond-t269054[2].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

#10
HOH_Virus

  • Topic Starter
  • Member
  • 83 posts
OTL logfile created on: 2/18/2010 10:55:05 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.05 Gb Total Space | 76.25 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 2.03 Gb Free Space | 15.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3.68 Gb Total Space | 3.38 Gb Free Space | 91.73% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2010/01/24 21:06:16 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/24 20:59:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2010/01/07 15:56:40 | 000,504,320 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/21 15:36:12 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/09/20 12:36:12 | 000,270,336 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/09/20 12:15:26 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/09/20 12:07:24 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/09/20 12:07:24 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
PRC - [2009/07/17 22:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 13:09:39 | 001,150,016 | ---- | M] (NBC Universal) -- C:\Program Files (x86)\NBC Direct\DirectPlayerCore.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/08 19:32:38 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 18:34:24 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/19 12:14:06 | 000,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/10/23 15:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/10/22 13:32:20 | 000,628,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/10/10 15:24:44 | 000,206,128 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/15 09:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/07/22 18:33:36 | 000,150,528 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/06/09 12:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 12:16:32 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
MOD - [2009/07/13 20:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/20 14:28:16 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/21 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/04/24 14:47:59 | 001,032,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/04/24 14:47:53 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2009/03/01 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2010/01/08 20:46:12 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/21 15:36:16 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/20 12:36:12 | 000,249,344 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/09/20 12:24:02 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/20 14:25:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/04/24 14:47:44 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/11/19 12:14:06 | 000,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/10/23 15:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/10/09 10:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/15 09:13:38 | 000,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/06/09 12:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ie.redirect.h...vilion&pf=cnnb"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/25 23:41:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/02/18 17:30:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/23 06:37:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/24 20:59:34 | 000,000,000 | ---D | M]

[2009/12/23 01:37:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2009/12/10 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/08/15 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/18 02:45:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\u2pfd47f.default\extensions
[2009/12/23 01:37:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\u2pfd47f.default\extensions\[email protected]
[2009/12/23 01:37:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\u2pfd47f.default\extensions\[email protected]
[2010/01/24 20:59:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [opmlllsys] c:\users\matt\appdata\local\temp\ssrrro.DLL ()
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DirectPlayerCore] C:\Program Files (x86)\NBC Direct\DirectPlayerCore.exe (NBC Universal)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKCU..\Run: [tuturpsys] c:\users\matt\appdata\local\temp\ssrrro.DLL ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindow...PProdDetect.cab (HP Product Detection Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} http://afocx.afreeca.../AFC/OpenTV.cab (OpenTV Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\BlackGold3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\BlackGold3.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c11d931-faea-11de-a8e1-001bdc002303}\Shell - "" = AutoRun
O33 - MountPoints2\{8c11d931-faea-11de-a8e1-001bdc002303}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/18 22:33:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/18 19:51:33 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/02/18 17:30:17 | 000,029,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010/02/18 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/02/18 17:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/02/18 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\AVG8
[2010/02/18 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/02/18 14:32:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/18 14:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/17 20:14:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TuneUpMedia
[2010/02/17 17:04:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010/02/12 02:47:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\dBpoweramp
[2010/02/12 01:26:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\DWP
[2010/02/10 01:47:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\MIXXX
[2010/02/09 01:49:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\paper planes
[2010/02/08 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\PokerFace
[2010/02/08 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\AudioMulch 2.0
[2010/02/08 01:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server
[2010/02/07 23:22:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/06 23:20:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Interpol
[2010/02/06 15:17:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Tecno beats
[2010/02/06 02:24:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Its a Knife party
[2010/02/05 21:19:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Drum Loop Tracks
[2009/11/17 18:38:00 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2009/11/17 18:38:00 | 000,368,640 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2009/11/17 18:38:00 | 000,348,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2009/11/17 18:37:58 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2009/11/17 18:37:57 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2009/11/17 18:37:57 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2009/11/17 18:37:56 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2009/11/17 18:37:56 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2009/11/17 18:37:55 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/18 22:56:41 | 004,194,304 | -HS- | M] () -- C:\Users\Matt\ntuser.dat
[2010/02/18 22:55:02 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 22:55:02 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 22:54:58 | 000,627,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/18 22:54:58 | 000,107,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/18 22:54:58 | 000,004,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/18 22:47:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/18 22:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/18 22:47:23 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 20:50:25 | 001,495,548 | -H-- | M] () -- C:\Users\Matt\AppData\Local\IconCache.db
[2010/02/18 20:20:56 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/02/18 19:15:38 | 000,284,915 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.zip
[2010/02/18 17:30:17 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010/02/18 16:38:48 | 000,001,849 | ---- | M] () -- C:\Users\Matt\Desktop\CCleaner.lnk
[2010/02/17 03:35:16 | 000,168,892 | ---- | M] () -- C:\Users\Matt\Desktop\Coach_Box_Set_Retail_DVD-5_Full_(Seasons_1___2___3).5018330.TPB.torrent
[2010/02/15 15:38:36 | 000,050,060 | ---- | M] () -- C:\Users\Matt\Documents\021500_1535[00].jpg
[2010/02/15 15:34:29 | 000,046,579 | ---- | M] () -- C:\Users\Matt\Documents\021500_1521[00].jpg
[2010/02/15 01:55:31 | 000,018,211 | ---- | M] () -- C:\Users\Matt\Desktop\LifeCycleManagementAnalysis.docx
[2010/02/15 00:29:35 | 000,039,936 | ---- | M] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis_2.doc
[2010/02/15 00:29:24 | 000,037,376 | ---- | M] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis1.doc
[2010/02/13 13:45:58 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job
[2010/02/12 01:29:40 | 000,537,322 | ---- | M] () -- C:\Users\Matt\Desktop\2.wav
[2010/02/12 01:06:33 | 034,455,596 | ---- | M] () -- C:\Users\Matt\Desktop\FistfulofSteel.wav
[2010/02/11 22:36:11 | 001,048,576 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.2.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.1.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.0.regtrans-ms
[2010/02/11 22:36:11 | 000,065,536 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.blf
[2010/02/10 18:15:45 | 000,029,184 | ---- | M] () -- C:\Users\Matt\Documents\2009_2010_Actual(1).xls
[2010/02/08 16:07:41 | 017,880,300 | ---- | M] () -- C:\Users\Matt\Desktop\Mix1.wav
[2010/02/08 16:07:41 | 000,174,664 | ---- | M] () -- C:\Users\Matt\Desktop\Mix1.pk
[2010/02/08 01:00:26 | 000,001,163 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010/02/06 16:14:30 | 000,286,050 | ---- | M] () -- C:\Users\Matt\Desktop\Rightaboutnow.wav
[2010/02/05 21:39:14 | 000,611,268 | ---- | M] () -- C:\Users\Matt\Desktop\VideophoneDrum1.wav
[2010/02/05 21:27:08 | 000,475,714 | ---- | M] () -- C:\Users\Matt\Desktop\IceCreamDrum3.wav
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 20:20:56 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 19:34:48 | 000,293,376 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.exe
[2010/02/18 19:34:28 | 000,284,915 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.zip
[2010/02/18 16:38:48 | 000,001,849 | ---- | C] () -- C:\Users\Matt\Desktop\CCleaner.lnk
[2010/02/17 03:35:10 | 000,168,892 | ---- | C] () -- C:\Users\Matt\Desktop\Coach_Box_Set_Retail_DVD-5_Full_(Seasons_1___2___3).5018330.TPB.torrent
[2010/02/15 15:38:35 | 000,050,060 | ---- | C] () -- C:\Users\Matt\Documents\021500_1535[00].jpg
[2010/02/15 15:34:28 | 000,046,579 | ---- | C] () -- C:\Users\Matt\Documents\021500_1521[00].jpg
[2010/02/15 01:55:26 | 000,018,211 | ---- | C] () -- C:\Users\Matt\Desktop\LifeCycleManagementAnalysis.docx
[2010/02/15 00:29:34 | 000,039,936 | ---- | C] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis_2.doc
[2010/02/15 00:29:22 | 000,037,376 | ---- | C] () -- C:\Users\Matt\Desktop\Assignment_Life_Cycle_Management_Analysis1.doc
[2010/02/14 15:45:26 | 734,605,836 | ---- | C] () -- C:\Users\Matt\Desktop\camelot-uita.avi
[2010/02/12 01:29:39 | 000,537,322 | ---- | C] () -- C:\Users\Matt\Desktop\2.wav
[2010/02/12 01:03:07 | 034,455,596 | ---- | C] () -- C:\Users\Matt\Desktop\FistfulofSteel.wav
[2010/02/11 22:36:11 | 001,048,576 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.2.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.1.regtrans-ms
[2010/02/11 22:36:11 | 001,048,576 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.0.regtrans-ms
[2010/02/11 22:36:11 | 000,065,536 | -HS- | C] () -- C:\Users\Matt\ntuser.dat{56c23ee8-0812-11df-a770-b9f6ac2945dd}.TxR.blf
[2010/02/10 18:15:42 | 000,029,184 | ---- | C] () -- C:\Users\Matt\Documents\2009_2010_Actual(1).xls
[2010/02/08 16:04:34 | 000,174,664 | ---- | C] () -- C:\Users\Matt\Desktop\Mix1.pk
[2010/02/08 16:02:03 | 017,880,300 | ---- | C] () -- C:\Users\Matt\Desktop\Mix1.wav
[2010/02/08 01:00:26 | 000,001,163 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010/02/06 16:14:29 | 000,286,050 | ---- | C] () -- C:\Users\Matt\Desktop\Rightaboutnow.wav
[2010/02/05 21:39:13 | 000,611,268 | ---- | C] () -- C:\Users\Matt\Desktop\VideophoneDrum1.wav
[2010/02/05 21:27:07 | 000,475,714 | ---- | C] () -- C:\Users\Matt\Desktop\IceCreamDrum3.wav
[2010/01/25 23:36:58 | 000,001,809 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/11 19:43:46 | 000,000,001 | -H-- | C] () -- C:\Windows\mulch200.ini
[2010/01/05 13:33:09 | 000,000,556 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2010/01/02 23:31:14 | 000,107,520 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\install.config.exe
[2009/12/23 02:21:35 | 000,024,178 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/23 02:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\QSwitch.txt
[2009/12/23 02:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\DSwitch.txt
[2009/12/23 02:21:29 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\AtStart.txt
[2009/12/23 02:20:57 | 000,012,210 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2009/12/03 11:41:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/17 18:38:01 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2009/11/17 18:38:01 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2009/11/17 18:38:00 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2009/11/17 18:38:00 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2009/11/17 18:38:00 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2009/11/17 18:37:59 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2009/11/17 18:37:59 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2009/11/17 18:37:58 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2009/11/17 18:37:58 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2009/11/17 18:37:07 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2009/11/17 18:37:06 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2009/08/16 21:56:20 | 000,000,042 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/12/23 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.purple
[2010/01/28 00:44:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ableton
[2009/12/23 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2009/12/23 01:36:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2010/02/18 16:51:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Azureus
[2010/02/04 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Broderbund
[2010/01/23 06:37:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools
[2010/02/03 16:25:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2010/02/12 02:47:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\dBpoweramp
[2009/12/02 03:10:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GrabPro
[2009/12/23 01:36:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IDM
[2009/12/23 01:36:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Individual Software
[2010/02/17 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LimeWire
[2010/02/18 22:33:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\mmcmsxmlClient
[2010/02/18 20:09:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NBC Direct
[2009/12/23 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Orbit
[2009/12/23 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Palo Alto Software
[2010/01/08 23:52:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2010/01/08 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2009/12/23 01:37:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\StreamTorrent
[2009/12/23 01:37:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2010/02/17 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2009/12/23 01:37:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TomTom
[2010/02/18 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUpMedia
[2010/01/23 06:37:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,024,138 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
  • 0
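The file listings in the OTL report above all share one line format: `[date time | size | attributes | C or M] (company) -- path`. As an added example (not part of the original post and not OTL's own code), the parser below reads lines in that format and orders them for manual review; the heuristics, the threshold of two matches, and the sample file names are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# OTL file line: [date time | size | RHSD attrs | C/M] (company) -- path; folder lines omit "(company)".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str     # four positions: Read-only, Hidden, System, Directory
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when the file has no version-info company name
    path: str

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if m is None:  # section headers, blank lines, "*.tmp files" summary lines
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], (m["company"] or "").strip(), m["path"])

# Triage heuristics (assumptions, not OTL logic). ".sys" is omitted: hiberfil.sys is a data file.
EXEC_EXT = (".exe", ".dll", ".scr", ".com")
USER_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\")

def review_reasons(e: Entry) -> list:
    p = e.path.lower()
    if not p.endswith(EXEC_EXT):
        return []
    checks = [(not e.company, "no company name"),
              (any(d in p for d in USER_DIRS), "in a user-writable data directory"),
              ("H" in e.attrs and "S" in e.attrs, "hidden + system attributes")]
    return [why for hit, why in checks if hit]

def triage(lines, min_reasons=2):
    # Keep only entries that match at least min_reasons heuristics.
    scored = [(e, review_reasons(e)) for e in map(parse_line, lines) if e is not None]
    return [(e, r) for e, r in scored if len(r) >= min_reasons]

# Constructed sample in the report's format (user and file names are placeholders).
SAMPLE_REPORT = r"""
[2010/02/18 19:50:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
[2010/01/02 23:31:14 | 000,107,520 | -HS- | C] () -- C:\Users\Example\AppData\Roaming\example_helper.exe
[2009/11/17 18:38:01 | 000,385,024 | ---- | C] ( ) -- C:\Windows\SysWow64\example_printer.dll
[2010/02/18 22:47:23 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 16:51:13 | 000,000,000 | ---D | M] -- C:\Users\Example\AppData\Roaming\ExampleApp
"""
```

Calling `triage(SAMPLE_REPORT.splitlines())` returns only the hidden, unsigned-looking executable under `AppData\Roaming`; a match means "look at this file first", not that the file is malicious.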



#11
HOH_Virus

    Member

  • Topic Starter
  • 83 posts
Malwarebytes will not open. I tried to right-click and run as admin; it just brings up windows asking if I want Malwarebytes to make changes to my computer, and I say yes, but nothing comes up.
  • 0

#12
JSntgRvr

    Global Moderator

  • 11,579 posts
Please follow these steps:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. mbam-setup.exe

Launch the program. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that you can run a quick scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
JSntgRvr

    Global Moderator

  • 11,579 posts
Second step:

Download OTS.exe by OldTimer to your Desktop.
  • Close any open browsers.
  • Double-click on OTS.exe to start the program.
  • Leave all settings as they appear as default, except for the following:
    • Under File Age, select 30.
    • Under Drivers, select "All".
    • Under Registry, select "All".
    • Under Additional Scans, click on the "Extras" button.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).

Edited by JSntgRvr, 19 February 2010 - 12:07 AM.

  • 0

#14
HOH_Virus

    Member

  • Topic Starter
  • 83 posts
I followed your steps to uninstall Malwarebytes and reinstall with the utility, and Malwarebytes will still not open. I checked the firewall and tried to run as admin, and still the same thing happens. It asks if I allow it to make changes, and then nothing.
  • 0

#15
JSntgRvr

    Global Moderator

  • 11,579 posts
Run OTS and attach its report.

Please try the Fix-it program here from Microsoft:

http://support.microsoft.com/kb/299357

Some systems may have an issue where the Automatically detect settings checkbox is not checked in Internet Explorer 8 in the LAN Settings, and thus receive an error code 732. Here are some quick steps to see if this is what is causing the error for you:

  • Click the 'Start' button.
  • Click on "Control Panel".
  • Double-click on "Internet Options" (you may have to switch the Control Panel to 'Classic' view to find it).
  • Click on the 'Connections' tab (step 1 in the screenshot below).
  • Click on the "LAN settings" button (step 2 in the screenshot below).
  • Put a check mark in the box labeled "Automatically detect settings" (step 3 in the screenshot below).
  • Click OK.
  • Click OK.
  • Try the update again (you may need to close any open Internet Explorer Windows before trying).

Posted Image

I will review the OTS report upon receipt.

In addition, turn Off your security programs and run GMER as follows:
  • Double click GMER.exe.
  • No need to scan. Just wait until the initial scan is finished.
  • Once done, click on the Rootkit tab, then on the [Save..] button, and in the File name area, type in "ark.txt"
  • Change the Save as Type to All Files
  • Save the log where you can easily find it, such as your desktop.
  • Post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please copy and paste the contents of that report in your next reply.

Edited by JSntgRvr, 19 February 2010 - 11:03 AM.

  • 0





