
Thread: Win32.ClickPotatoLite got it - NEED HELP REMOVING

  1. #1
    Member
    Join Date
    Oct 2010
    Posts
    45

    Win32.ClickPotatoLite got it - NEED HELP REMOVING

    Hello

    Ran Spybot-S&D "Check for Problems" and Win32.ClickPotatoLite appeared in results page. Ran fix and it wasn't removed.



    ERUNT - Ran and installed; FORGOT to "ONLY choose "System registry" " and DID NOT untoggle "Current User Registry" before clicking OK

    DDS log - attempted to run it, but it did not work.

    TeaTimer - unchecked "Resident TeaTimer"

    Spybot-S&D Log - (pasted only the top part of results below)
    Win32.ClickPotatoLite: [SBI $F8133F18] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}

    I hope that I've done everything that I've needed to in creating this new thread. I have spent nearly 3 hrs with this issue, getting to this point.

    I'm a real novice with any of this computer stuff and don't understand most of the computer jargon, so please be patient with me.

    Your help and services are greatly appreciated!

    Thank you in advance for your help!

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR


    Let's see if these will run


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Oct 2010
    Posts
    45

    Thanks ken545!

    Did as you instructed and posted results below.

    HOWEVER, when I ran the OTL, no notepad window Extras.TXT came up and it was not located on the C drive in the OTL file either.



    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-18 20:19:00
    -----------------------------
    20:19:00.052 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:19:00.052 Number of processors: 4 586 0x170A
    20:19:00.068 ComputerName: HARDT-HOME-PC UserName: Milo Hardt
    20:19:01.409 Initialize success
    20:19:16.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:19:16.190 Disk 0 Vendor: WDC_WD10EADS-65M2B0 01.00A01 Size: 953869MB BusType: 3
    20:19:16.190 Disk 0 MBR read successfully
    20:19:16.205 Disk 0 MBR scan
    20:19:16.205 Disk 0 unknown MBR code
    20:19:16.205 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:19:16.205 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942905 MB offset 206848
    20:19:16.236 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10862 MB offset 1931276288
    20:19:16.252 Service scanning
    20:19:23.756 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    20:19:30.354 Modules scanning
    20:19:30.354 Disk 0 trace - called modules:
    20:19:30.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys
    20:19:30.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077b0060]
    20:19:30.401 3 CLASSPNP.SYS[fffff880019b343f] -> nt!IofCallDriver -> [0xfffffa80070ddd10]
    20:19:30.417 5 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070e2060]
    20:19:30.417 Scan finished successfully
    20:19:41.898 Disk 0 MBR has been saved successfully to "C:\Users\Milo Hardt\Desktop\MBR.dat"
    20:19:41.898 The log file has been saved successfully to "C:\Users\Milo Hardt\Desktop\aswMBR.txt"



    OTL logfile created on: 2/18/2012 8:30:55 PM - Run 3
    OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Milo Hardt\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.91% Memory free
    15.93 Gb Paging File | 13.79 Gb Available in Paging File | 86.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.81 Gb Total Space | 858.05 Gb Free Space | 93.18% Space Free | Partition Type: NTFS
    Drive D: | 10.61 Gb Total Space | 1.52 Gb Free Space | 14.30% Space Free | Partition Type: NTFS

    Computer Name: HARDT-HOME-PC | User Name: Milo Hardt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Milo Hardt\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
    PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
    PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe (Microsoft Corp.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
    MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
    SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
    SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/06/26 19:39:07 | 000,435,366 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 14980 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/17 20:06:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/02/15 20:23:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/02/15 20:23:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/02/15 20:23:06 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/02/15 20:23:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/02/15 20:23:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/02/15 20:23:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/02/15 20:23:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/02/15 20:23:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/02/15 20:23:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/02/15 20:23:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/02/15 20:23:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/02/15 20:02:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
    [2012/02/15 20:02:18 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
    [2012/02/15 20:02:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
    [2012/02/15 20:01:31 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
    [2012/02/12 06:14:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/12 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/02/12 06:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/02/12 05:39:50 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\Desktop\ALL DESKTOP
    [2012/02/11 05:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/02/09 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{B77C2D6C-57EC-41AE-85BF-003787D96790}
    [2012/02/09 21:17:55 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{00BA94CA-B743-4969-A9D5-0534B8EB80B9}
    [2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Roaming\Windows Live Writer
    [2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\Windows Live Writer
    [2012/02/09 21:15:00 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{8EAC654E-06DA-4828-98BD-CB0B8E91FF55}
    [2012/02/09 21:14:47 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{9F71BCD5-63A6-4B7F-A2F0-E774A61434AF}
    [2012/01/31 18:19:50 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/01/31 18:19:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
    [2012/01/31 18:19:50 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
    [2012/01/31 18:19:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2012/01/31 18:19:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2012/01/31 18:19:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [1 C:\Users\Milo Hardt\Documents\*.tmp files -> C:\Users\Milo Hardt\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/18 20:19:41 | 000,000,512 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\MBR.dat
    [2012/02/18 20:16:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/18 20:16:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/18 20:09:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/18 20:09:05 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/18 08:58:42 | 000,746,934 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/18 08:58:42 | 000,629,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/18 08:58:42 | 000,108,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/16 04:55:30 | 000,436,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/15 20:28:02 | 000,743,718 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/12 06:13:36 | 000,001,070 | ---- | M] () -- C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/12 06:13:19 | 000,000,890 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\NTREGOPT.lnk
    [2012/02/12 06:13:19 | 000,000,871 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\ERUNT.lnk
    [2012/02/11 05:25:40 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMilo Hardt.job
    [1 C:\Users\Milo Hardt\Documents\*.tmp files -> C:\Users\Milo Hardt\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/18 20:19:41 | 000,000,512 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\MBR.dat
    [2012/02/12 06:13:36 | 000,001,070 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/02/12 06:13:19 | 000,000,890 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\NTREGOPT.lnk
    [2012/02/12 06:13:19 | 000,000,871 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\ERUNT.lnk
    [2011/11/20 16:13:15 | 002,710,180 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0625.JPG
    [2011/06/02 12:13:45 | 000,003,584 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/20 15:34:50 | 000,001,854 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\GhostObjGAFix.xml
    [2011/04/09 11:34:40 | 002,783,557 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0046.JPG
    [2011/04/09 08:03:42 | 003,020,900 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0068.JPG
    [2011/04/02 06:16:19 | 000,407,664 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010135.JPG
    [2011/03/02 04:15:49 | 000,411,537 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010129.JPG
    [2011/01/27 15:56:52 | 000,746,934 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/08 08:35:04 | 000,646,959 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpGATE.0
    [2011/01/08 08:35:04 | 000,509,658 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpGATE.JPG
    [2010/12/31 10:30:43 | 002,728,672 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0014.JPG
    [2010/12/31 10:20:00 | 002,770,979 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0011.JPG
    [2010/12/28 09:33:29 | 000,000,268 | RH-- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\vhosts
    [2010/12/28 09:33:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
    [2010/12/28 09:33:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2010/12/28 09:31:29 | 000,000,268 | RH-- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\manual
    [2010/12/28 09:31:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
    [2010/12/28 09:31:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2010/12/26 08:58:55 | 000,434,264 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010116.JPG
    [2010/11/21 10:48:35 | 000,144,364 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpBRAKE PADS EBC.JPG
    [2010/11/13 13:00:09 | 000,422,805 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010108.JPG
    [2010/10/24 09:47:02 | 000,427,405 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010093.JPG
    [2010/10/24 09:45:32 | 000,427,111 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010098.JPG
    [2010/10/24 09:44:54 | 000,434,975 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010095.JPG
    [2010/10/17 09:56:57 | 000,428,767 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010087.JPG
    [2010/09/18 14:58:25 | 000,430,749 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010046.0
    [2010/09/18 14:58:25 | 000,140,488 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010046.JPG
    [2010/08/14 19:23:09 | 000,652,799 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP5090168.0
    [2010/08/14 19:23:09 | 000,507,631 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP5090168.JPG
    [2010/08/14 19:20:42 | 000,705,410 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140194.JPG
    [2010/08/14 19:18:36 | 000,699,902 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140195.JPG
    [2010/08/14 19:18:01 | 000,725,967 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140196.JPG
    [2010/08/14 19:13:45 | 000,448,766 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP6010188.JPG
    [2010/08/14 19:13:44 | 000,666,530 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP6010188.0
    [2010/07/30 08:56:12 | 000,000,228 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\wklnhst.dat
    [2010/07/29 07:37:14 | 000,427,548 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010201.JPG
    [2010/07/25 10:11:16 | 000,441,698 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010130.JPG
    [2010/07/25 10:08:22 | 000,428,522 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010159.JPG
    [2010/07/25 10:07:03 | 000,646,087 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4100140.JPG
    [2010/07/25 10:02:25 | 000,430,241 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010125.JPG
    [2010/07/25 09:59:52 | 000,645,888 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4110155.JPG
    [2010/07/25 09:58:38 | 000,689,734 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4110146.JPG
    [2010/07/25 09:57:56 | 000,688,881 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4100133.JPG
    [2010/07/25 09:54:28 | 000,426,121 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010139.JPG
    [2010/07/25 09:53:22 | 000,170,526 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010151_CROP.JPG
    [2010/07/25 09:52:51 | 000,421,651 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010151.JPG
    [2010/07/19 08:47:07 | 000,412,791 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010010.0
    [2010/07/19 08:47:07 | 000,192,713 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010010.JPG
    [2010/07/19 08:46:48 | 000,431,429 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010012.0
    [2010/07/19 08:46:48 | 000,132,589 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010012.JPG
    [2010/07/04 11:08:41 | 000,428,687 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010001.JPG
    [2010/07/02 07:00:21 | 000,416,427 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010186.JPG
    [2010/07/02 06:58:50 | 000,018,996 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpMUG SHOT.JPG
    [2010/07/02 06:47:58 | 000,478,955 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpCANYON JUNE 2010 7.JPG
    [2010/07/02 06:10:00 | 002,413,878 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpIMG_0018[1].0
    [2010/07/02 06:10:00 | 001,085,043 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpIMG_0018[1].JPG
    [2010/07/02 05:48:59 | 000,425,775 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010199.JPG
    [2010/07/02 05:40:59 | 000,425,726 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010198.JPG
    [2010/06/30 12:50:50 | 000,274,268 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.2
    [2010/06/30 12:50:49 | 000,273,663 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.1
    [2010/06/30 12:50:46 | 000,425,973 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.0
    [2010/06/30 12:50:19 | 000,092,675 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196_CROP.JPG
    [2010/06/30 12:50:19 | 000,092,567 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196_CROP.0
    [2010/06/30 12:12:52 | 000,314,409 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010195.JPG
    [2010/06/30 12:12:51 | 000,432,577 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010195.0
    [2010/05/22 08:56:21 | 000,408,859 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010121.JPG
    [2010/05/20 13:02:51 | 000,443,327 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010084.JPG
    [2010/05/20 13:02:51 | 000,400,013 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010084.0
    [2010/04/03 16:19:41 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/04/02 15:23:26 | 000,401,222 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010045.JPG
    [2010/04/02 15:23:26 | 000,008,853 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010045_navi.JPG
    [2010/04/02 15:22:33 | 000,257,005 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010047.JPG
    [2010/03/20 14:41:36 | 000,415,997 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010047.0
    [2010/03/20 08:40:34 | 000,201,574 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010105.JPG
    [2010/03/20 08:40:34 | 000,200,480 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010105.0
    [2010/03/18 10:21:27 | 000,224,464 | ---- | C] () -- C:\Windows\hpwins19.dat

    ========== LOP Check ==========

    [2010/09/26 09:36:48 | 000,000,000 | -HSD | M] -- C:\Users\Milo Hardt\AppData\Roaming\.#
    [2010/03/07 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\InterTrust
    [2010/12/28 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\Nikon
    [2010/02/23 17:20:45 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\PictureMover
    [2010/11/25 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\Template
    [2010/03/10 19:32:31 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\WinBatch
    [2012/02/09 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\Windows Live Writer
    [2011/05/31 10:41:05 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2012/01/11 15:19:09 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

  4. #4
    Member
    Join Date
    Oct 2010
    Posts
    45

    Forgot to mention this to you!

    Just this last Thurs. (after my original post on Sunday morning) there were some "automatic updates" that were downloaded. I don't know if this would have an impact on the original ERUNT etc. items that I put in this thread when I started it.

    Thanks again. Your help is greatly appreciated!!

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,

    Are all these that I am looking at pictures put there by yourself?
    C:\Users\Milo Hardt\AppData\Local\tmpP6010188.JPG



    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Oct 2010
    Posts
    45

    As to the pictures question: The only pictures that have been saved to this computer should have been saved in the "My Pictures" folder.

    NOTE:
    I could not find any "Remove Selected" after scanning with the newly downloaded Malwarebytes.

    However, when I clicked on the Quarantine section there is the following: "Hijack.Displa... Registry Data HKLM\SOFTWARE\Microsoft\Windows\Current..."
    I cannot read the entire item, but I don't think it should be on my computer. Should I "delete" this quarantined item?

    Below are the pasted results of the Malwarebytes Quick Scan that I ran.


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Milo Hardt :: HARDT-HOME-PC [administrator]

    2/19/2012 4:03:04 AM
    mbam-log-2012-02-19 (04-03-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227991
    Time elapsed: 9 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Anything in Quarantine you can get rid of


    You need to download the 64bit version of System Look


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      ClickPotatoLite
      :folderfind
      ClickPotatoLite
      :Regfind
      ClickPotatoLite
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  8. #8
    Member
    Join Date
    Oct 2010
    Posts
    45

    When I go to all three of the links and attempt to download the 64bit version of System Look I get the exact same response when I click on LOOK. A box with an "X" out red circle and "Script required!" pops up!

    The download seems to be on my computer in downloads folder, but it does not want to run!

  9. #9
    Member
    Join Date
    Oct 2010
    Posts
    45

    The box that appears also says "System Look - Error" at the top.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You need to download it to your desktop, then right-click on it and select RUN AS ADMINISTRATOR