View Full Version : help
this is try three now.....plz make me a beleaver in this site...
Admin Edit
http://forums.spybot.info/showthread.php?t=61243
http://forums.spybot.info/showthread.php?t=61108
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Ian Young at 12:25:20.30 on Mon 01/10/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6279 [GMT -6:00]
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\KBD\KbdStub.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbtcoms.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\java.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\DNA\btdna.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Ian Young\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K4YYFW7\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\IANYOU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://photos1.walmart.com/WalmartActivia3.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
================= FIREFOX ===================
FF - ProfilePath - C:\Users\IANYOU~1\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=288
FF - component: C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\components\FFExternalAlert.dll
FF - component: C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Ian Young\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B} - C:\Windows\system32\config\systemprofile\AppData\Local\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}
FF - Ext: XULRunner: {9727A106-0AB1-4EFA-955D-4DE0558A883B} - C:\Users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Search Toolbar: http://forums.spybot.info/misc.php?do=email_dev&email=c2VhcmNodG9vbGJhckB6dWdvLmNvbQ== - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
============= SERVICES / DRIVERS ===============
R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2010-4-29 335288]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-8-8 198240]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2009-9-25 517632]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2008-12-3 1686528]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2008-8-8 459776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-12 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-6-24 35840]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-16 89920]
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-01-10 17:41:40 -------- d-----w- C:\Program Files (x86)\whitesmoketoolbar
2011-01-02 05:31:47 -------- d-----w- C:\Program Files (x86)\WhiteSmoke Translator
==================== Find3M ====================
============= FINISH: 12:39:25.82 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
I replied to your last post here and you never replied back so the thread was closed.
http://forums.spybot.info/showthread.php?t=61108
Please be advised that when a helper replies to your thread and there is no reply back from you in three days that the thread is closed.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
i have like 20 windows come up when i start my computer, that say program not working is this normal? i also have windows that just pop and go away for the first like 20 min my computer is running. since my computer was infected the only thing i have done is use this website.....i just wanted to no if all this was normal.
here is the Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5195
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
1/16/2011 11:49:26 AM
mbam-log-2011-01-16 (11-49-26).txt
Scan type: Quick scan
Objects scanned: 221246
Time elapsed: 5 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
here is the olt
OTL logfile created on: 1/16/2011 11:53:36 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Ian Young\Saved Games\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.46 Gb Total Space | 342.70 Gb Free Space | 49.92% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.66 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 139.02 Gb Free Space | 46.65% Space Free | Partition Type: FAT32
Drive N: | 970.13 Mb Total Space | 441.45 Mb Free Space | 45.50% Space Free | Partition Type: FAT
Computer Name: IANYOUNG-PC | User Name: Ian Young | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ian Young\AppData\Local\Temp\hki224.exe ()
PRC - C:\Program Files (x86)\QuickTime\QTTask .exe ()
PRC - C:\Users\Ian Young\Saved Games\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\steam.exe ()
PRC - C:\Program Files (x86)\DNA\btdna.exe ()
PRC - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe ()
PRC - C:\hp\KBD\KbdStub.EXE ()
PRC - C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe ()
PRC - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Ian Young\Saved Games\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\WhiteSmoke Translator\WHook.dll (Deskperience)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (dlbt_device) -- C:\Windows\SysNative\dlbtcoms.exe ( )
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "FreeOnlineRadioPlayerRecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forums.spybot.info/showthread.php?t=288"
FF - prefs.js..extensions.enabledItems: {f999a48b-1950-4d81-9971-79018f807b4b}:2.7.2.0
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}:1.9.1
FF - prefs.js..extensions.enabledItems: {9727A106-0AB1-4EFA-955D-4DE0558A883B}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}: C:\Windows\system32\config\systemprofile\AppData\Local\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}\ [2010/11/10 19:03:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9727A106-0AB1-4EFA-955D-4DE0558A883B}: C:\Users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B} [2010/11/10 19:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 11:19:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/30 11:19:47 | 000,000,000 | ---D | M]
[2010/06/05 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Extensions
[2010/06/05 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/26 18:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions
[2010/06/07 09:55:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 13:29:18 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/08/27 13:16:27 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2010/11/20 17:16:53 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\searchtoolbar@zugo.com
[2010/07/08 20:15:56 | 000,002,425 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\askcom.xml
[2010/09/14 06:41:12 | 000,002,506 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\BearShareWebSearch.xml
[2010/11/20 17:16:53 | 000,001,919 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\bing-zugo.xml
[2010/08/11 10:56:22 | 000,000,961 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\conduit.xml
[2010/09/23 11:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 19:13:37 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\IAN YOUNG\APPDATA\LOCAL\{9727A106-0AB1-4EFA-955D-4DE0558A883B}
[2010/11/10 19:03:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}
[2010/09/14 06:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2011/01/10 11:41:14 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ()
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask .exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe ()
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe ()
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident\4.0; File not found
O4 - Startup: C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://photos1.walmart.com/WalmartActivia3.cab (Snapfish Activia3)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2008/01/22 19:40:38 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0cb12bdb-bd6f-11dd-8035-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Logotvol - (C:\Windows\system32\audition.dll) - C:\Windows\SysWOW64\audition.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/15 09:03:53 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 09:03:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 09:03:51 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2011/01/10 11:48:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ian Young\Saved Games\Desktop\OTL.exe
[2011/01/10 11:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\whitesmoketoolbar
[2011/01/01 23:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke Translator
[2011/01/01 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke Translator
[2011/01/01 23:23:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/01 23:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/01 23:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/01/01 23:22:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Ian Young\Saved Games\Desktop\erunt-setup.exe
[2011/01/01 23:03:22 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/01/01 23:03:22 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/01/01 23:03:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/01/01 23:03:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/01/01 23:03:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/01/01 23:03:21 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/01/01 23:03:17 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/01/01 23:03:00 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/01/01 23:02:59 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/01/01 23:02:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/01/01 23:02:59 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/01/01 23:02:59 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/01/01 23:02:59 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/01/01 23:02:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/01/01 23:02:59 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/01/01 23:02:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/01/01 23:02:59 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/01/01 23:02:59 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/01/01 23:02:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/01/01 23:02:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/01/01 23:02:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/01/01 23:02:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/01/01 23:02:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/01/01 23:02:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/01/01 23:02:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/01/01 23:02:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/01/01 23:02:59 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/01/01 23:02:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/01/01 23:02:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/01/01 23:02:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/01/01 23:02:59 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/01/01 23:02:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/01/01 23:02:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/01/01 23:02:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/01/01 23:02:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/01/01 23:02:44 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/01/01 23:02:44 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/01/01 23:02:44 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/01/01 23:02:44 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/01/01 23:02:44 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/01/01 23:02:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2009/03/16 13:36:16 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2009/03/16 13:35:46 | 000,525,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2009/03/16 13:35:34 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/01/16 11:50:35 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B569909-EA70-4117-81A1-F0AA99D8121D}.job
[2011/01/16 11:42:16 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/16 11:42:16 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/16 11:42:16 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/16 11:37:15 | 000,000,112 | ---- | M] () -- C:\ProgramData\6WODEbKw.dat
[2011/01/16 11:35:01 | 000,001,344 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\Clean Registry for Free!.lnk
[2011/01/16 11:34:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/16 11:34:43 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 11:34:43 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 11:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/15 12:09:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/15 09:05:05 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/10 12:45:43 | 000,003,284 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\Attach #2.zip
[2011/01/10 11:49:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian Young\Saved Games\Desktop\OTL.exe
[2011/01/10 11:41:18 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\Launch WhiteSmoke Translator.lnk
[2011/01/02 10:13:29 | 000,397,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/01 23:31:48 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2011/01/01 23:31:48 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Buy Whitesmoke Translator.lnk
[2011/01/01 23:23:23 | 000,000,945 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/01 23:22:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Ian Young\Saved Games\Desktop\erunt-setup.exe
[2011/01/01 23:17:26 | 000,002,607 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\ian's Attach text.zip
[2011/01/01 22:58:25 | 000,624,128 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\dds.scr
[2011/01/01 22:51:28 | 000,293,144 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\SoftonicDownloader_for_erunt.exe
[2010/12/28 10:08:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2010/12/28 09:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/01/10 12:45:43 | 000,003,284 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\Attach #2.zip
[2011/01/10 11:30:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\6WODEbKw.dat
[2011/01/01 23:31:48 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2011/01/01 23:31:48 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Buy Whitesmoke Translator.lnk
[2011/01/01 23:31:47 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\Launch WhiteSmoke Translator.lnk
[2011/01/01 23:23:23 | 000,000,945 | ---- | C] () -- C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/01 23:17:26 | 000,002,607 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\ian's Attach text.zip
[2011/01/01 22:58:19 | 000,624,128 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\dds.scr
[2011/01/01 22:50:56 | 000,293,144 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\SoftonicDownloader_for_erunt.exe
[2010/11/26 10:31:17 | 000,000,010 | ---- | C] () -- C:\Users\Ian Young\AppData\Roaming\install
[2010/11/26 08:40:03 | 000,000,218 | ---- | C] () -- C:\Users\Ian Young\AppData\Roaming\sdhkryu.bat
[2010/11/22 17:45:42 | 000,049,664 | -H-- | C] () -- C:\Windows\SysWow64\audition.dll
[2010/11/11 13:26:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll
[2010/11/11 09:15:41 | 000,000,120 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\Cricoxut.dat
[2010/11/11 09:15:41 | 000,000,000 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\Cmetuxeg.bin
[2010/09/18 14:45:43 | 000,424,616 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\dd_vcredistMSI271D.txt
[2010/09/18 14:45:43 | 000,011,410 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\dd_vcredistUI271D.txt
[2010/01/02 14:18:23 | 000,000,270 | ---- | C] () -- C:\Windows\game.ini
[2009/12/08 16:55:04 | 018,030,130 | ---- | C] () -- C:\ProgramData\vlc-1.0.3-win32.exe
[2009/08/19 13:38:11 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/07/20 15:27:56 | 017,828,326 | ---- | C] () -- C:\ProgramData\vlc-1.0.0-win32.exe
[2009/06/19 22:45:40 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/06/16 13:58:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/16 13:58:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/16 13:36:48 | 013,264,160 | ---- | C] () -- C:\Program Files\dxnt.cab
[2009/03/16 13:36:48 | 004,162,622 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2009/03/16 13:36:48 | 001,973,694 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
[2009/03/16 13:36:48 | 001,906,870 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2009/03/16 13:36:48 | 001,800,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2009/03/16 13:36:48 | 001,794,076 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2009/03/16 13:36:46 | 001,802,050 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2009/03/16 13:36:46 | 001,792,600 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2009/03/16 13:36:46 | 001,769,854 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2009/03/16 13:36:44 | 001,709,352 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2009/03/16 13:36:44 | 001,155,483 | ---- | C] () -- C:\Program Files\BDANT.cab
[2009/03/16 13:36:44 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2009/03/16 13:36:44 | 001,084,712 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2009/03/16 13:36:42 | 001,350,534 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2009/03/16 13:36:42 | 001,127,209 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2009/03/16 13:36:42 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2009/03/16 13:36:42 | 001,078,954 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2009/03/16 13:36:42 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2009/03/16 13:36:42 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
[2009/03/16 13:36:42 | 001,064,917 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2009/03/16 13:36:42 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
[2009/03/16 13:36:42 | 001,013,217 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2009/03/16 13:36:42 | 000,994,146 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2009/03/16 13:36:40 | 001,607,766 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2009/03/16 13:36:40 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2009/03/16 13:36:40 | 001,347,346 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2009/03/16 13:36:38 | 001,708,144 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2009/03/16 13:36:38 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
[2009/03/16 13:36:38 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2009/03/16 13:36:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2009/03/16 13:36:38 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2009/03/16 13:36:38 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2009/03/16 13:36:38 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2009/03/16 13:36:38 | 001,464,664 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2009/03/16 13:36:38 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2009/03/16 13:36:38 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2009/03/16 13:36:38 | 001,412,894 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2009/03/16 13:36:38 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2009/03/16 13:36:38 | 001,362,788 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2009/03/16 13:36:38 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2009/03/16 13:36:38 | 001,335,994 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2009/03/16 13:36:38 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2009/03/16 13:36:38 | 000,975,148 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2009/03/16 13:36:38 | 000,965,413 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2009/03/16 13:36:38 | 000,916,422 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2009/03/16 13:36:38 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2009/03/16 13:36:38 | 000,867,604 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2009/03/16 13:36:36 | 000,864,592 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2009/03/16 13:36:36 | 000,852,278 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2009/03/16 13:36:36 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2009/03/16 13:36:36 | 000,849,159 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2009/03/16 13:36:34 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2009/03/16 13:36:34 | 000,818,252 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2009/03/16 13:36:34 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2009/03/16 13:36:34 | 000,796,859 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2009/03/16 13:36:34 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2009/03/16 13:36:34 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2009/03/16 13:36:34 | 000,273,990 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2009/03/16 13:36:32 | 000,699,036 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2009/03/16 13:36:32 | 000,695,857 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2009/03/16 13:36:32 | 000,273,203 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2009/03/16 13:36:32 | 000,271,360 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2009/03/16 13:36:32 | 000,269,842 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2009/03/16 13:36:32 | 000,269,620 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2009/03/16 13:36:32 | 000,269,016 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2009/03/16 13:36:30 | 000,275,036 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
[2009/03/16 13:36:30 | 000,273,010 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
[2009/03/16 13:36:30 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2009/03/16 13:36:30 | 000,226,242 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2009/03/16 13:36:30 | 000,212,799 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2009/03/16 13:36:30 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2009/03/16 13:36:28 | 000,198,088 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2009/03/16 13:36:28 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2009/03/16 13:36:28 | 000,196,754 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2009/03/16 13:36:28 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2009/03/16 13:36:28 | 000,180,777 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2009/03/16 13:36:28 | 000,179,125 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2009/03/16 13:36:28 | 000,178,351 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2009/03/16 13:36:26 | 000,195,758 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2009/03/16 13:36:26 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2009/03/16 13:36:26 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2009/03/16 13:36:26 | 000,182,895 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2009/03/16 13:36:26 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2009/03/16 13:36:24 | 000,153,004 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2009/03/16 13:36:24 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2009/03/16 13:36:24 | 000,147,975 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2009/03/16 13:36:22 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2009/03/16 13:36:22 | 000,145,591 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2009/03/16 13:36:22 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2009/03/16 13:36:22 | 000,137,227 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,133,663 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,133,095 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,122,328 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,824 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,746 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,498 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,046 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2009/03/16 13:36:20 | 000,093,726 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2009/03/16 13:36:20 | 000,093,120 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2009/03/16 13:36:20 | 000,093,004 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2009/03/16 13:36:18 | 000,095,296 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2009/03/16 13:36:18 | 000,092,688 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2009/03/16 13:36:16 | 000,092,732 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
[2009/03/16 13:36:16 | 000,087,134 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2009/03/16 13:36:16 | 000,087,093 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2009/03/16 13:36:16 | 000,086,029 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2009/03/16 13:36:14 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2009/03/16 13:36:14 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2009/03/16 13:36:14 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2009/03/16 13:36:12 | 000,055,110 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2009/03/16 13:36:12 | 000,054,592 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
[2009/03/16 13:36:12 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2009/03/16 13:36:12 | 000,046,050 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2009/03/16 13:36:12 | 000,046,002 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2009/03/16 13:36:12 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2009/03/16 13:36:12 | 000,044,444 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2009/03/16 13:36:12 | 000,021,897 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2009/03/16 13:36:12 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2009/03/16 13:36:12 | 000,021,836 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2009/03/16 13:36:12 | 000,018,488 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2009/03/16 13:36:10 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
[2009/01/07 18:32:32 | 000,000,680 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\d3d9caps.dat
[2009/01/07 18:31:34 | 000,000,732 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\d3d9caps64.dat
[2008/11/28 14:46:17 | 000,159,744 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/08 02:06:35 | 000,007,662 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/08 01:43:58 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/08 01:43:58 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
========== LOP Check ==========
[2010/11/08 14:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Ian Young\AppData\Roaming\.#
[2010/08/26 09:23:26 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Amazon
[2010/01/02 13:52:08 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Azureus
[2008/11/30 19:23:14 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\BitTorrent
[2010/01/02 12:15:25 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\BitZipper
[2011/01/16 11:52:51 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\DNA
[2010/08/27 16:16:01 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Free Audio Editor
[2009/07/08 07:05:33 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\IWeb Project
[2010/09/18 14:50:18 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\MAGIX
[2010/03/24 11:35:36 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\McGraw-HillLicensing
[2009/10/18 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Mount&Blade
[2010/03/24 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\ProtectDisc
[2009/05/31 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Sammsoft
[2009/05/04 12:48:33 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Snapfish
[2010/10/31 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\Wal-Mart
[2009/03/23 21:54:01 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\WeatherBug
[2011/01/02 10:14:50 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\WhiteSmokeTranslator
[2008/11/28 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Ian Young\AppData\Roaming\WildTangent
[2011/01/15 12:26:35 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/26 03:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\Statistics (Fall 2008 Student Version) Updates.job
[2011/01/16 11:50:35 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2B569909-EA70-4117-81A1-F0AA99D8121D}.job
========== Purity Check ==========
< End of report >
Hi,
WhiteSmoke Translator <-- Don't know if its related but this program is add supported and will send you lots of adds some via pop up windows
BitTorrent DNA <--Any type of File Sharing is dangerous and should be avoided, your downloading that file from and unknown source and not all but most contain some sort of malware, it may be the root of your pop up windows
Ask.com <--This is another program that will change your setting for your browser and is not recommended
* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to user's browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.
You can try uninstalling them via Programs and Features in the Control Panel and see if that helped.
Scan With RootKitUnHooker
Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
the first link went round and roung saying in had a parasite - parasite removed. then ended with frror loding driver- NTSTATUS: 0xC000036B
the other links went straght to the error mesage after i saved the file and extraced the prgram.
what should i do?
Ian
Hi,
See if it will run in Safemode
To Enter Safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
If not try running this program
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
my computer did nothing when i hit F8 i could not get it to start in safe mode.... when i ran the program it cam up with a box after 45 minutes saying it found nothing and gave me no report??
what should i do
Run GMER in normal windows
it said after like 50 min "GMER hasn't found any system modification"
when i hit ok there was no lof to be found?
did i do it wrong?
I am working up a fix, I am going to remove BitTorrent, Ask and White Smoke along with some other bad stuff. If you disagree let me know.
You have so many tool bars its a wonder you can see your desktop :sad:
i have tried to remove some peer to peer stuff before but i never get rid of it all... plz do what ever you need to do im a teacher and i have all my photos and lesson ppts. remove what ever you want i just want my computer back...
Hi,
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DNA\btdna.exe ()
PRC - C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe ()
MOD - C:\Program Files (x86)\WhiteSmoke Translator\WHook.dll (Deskperience)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4 - HKCU..\Run: C:\Program Files (x86)\DNA\btdna.exe ()
[2011/01/01 23:31:48 | 000,001,909 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2011/01/01 23:31:48 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Buy Whitesmoke Translator.lnk
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the [b]Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then do a new OTL scan and post the new log please
This is the lof after the rebot. i said yes to rebot befor i saved the log that came up sorry :sad:
but when my computer reboted the safe mode screen came up :rockon:
OTL logfile created on: 1/20/2011 8:07:02 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Ian Young\Saved Games\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.46 Gb Total Space | 357.45 Gb Free Space | 52.07% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.66 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 147.23 Gb Free Space | 49.40% Space Free | Partition Type: FAT32
Drive H: | 7.34 Gb Total Space | 0.07 Gb Free Space | 0.95% Space Free | Partition Type: FAT32
Drive N: | 970.13 Mb Total Space | 441.45 Mb Free Space | 45.50% Space Free | Partition Type: FAT
Computer Name: IANYOUNG-PC | User Name: Ian Young | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ian Young\Saved Games\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\steam.exe ()
PRC - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe ()
PRC - C:\hp\KBD\KbdStub.EXE ()
PRC - C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Ian Young\Saved Games\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (dlbt_device) -- C:\Windows\SysNative\dlbtcoms.exe ( )
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "FreeOnlineRadioPlayerRecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forums.spybot.info/showthread.php?t=288"
FF - prefs.js..extensions.enabledItems: {f999a48b-1950-4d81-9971-79018f807b4b}:2.7.2.0
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}:1.9.1
FF - prefs.js..extensions.enabledItems: {9727A106-0AB1-4EFA-955D-4DE0558A883B}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}: C:\Windows\system32\config\systemprofile\AppData\Local\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}\ [2010/11/10 19:03:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9727A106-0AB1-4EFA-955D-4DE0558A883B}: C:\Users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B} [2010/11/10 19:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/30 11:19:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/30 11:19:47 | 000,000,000 | ---D | M]
[2010/06/05 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Extensions
[2010/06/05 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/26 18:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions
[2010/06/07 09:55:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 13:29:18 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/08/27 13:16:27 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2010/11/20 17:16:53 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\extensions\searchtoolbar@zugo.com
[2010/07/08 20:15:56 | 000,002,425 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\askcom.xml
[2010/09/14 06:41:12 | 000,002,506 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\BearShareWebSearch.xml
[2010/11/20 17:16:53 | 000,001,919 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\bing-zugo.xml
[2010/08/11 10:56:22 | 000,000,961 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\searchplugins\conduit.xml
[2010/09/23 11:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 19:13:37 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\IAN YOUNG\APPDATA\LOCAL\{9727A106-0AB1-4EFA-955D-4DE0558A883B}
[2010/11/10 19:03:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{B3CFF1CD-9E08-47F7-8F3D-4E2049E3845B}
[2010/09/14 06:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2011/01/10 11:41:14 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
O1 HOSTS File: ([2011/01/20 18:23:11 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ()
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe ()
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident\4.0; File not found
O4 - Startup: C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://photos1.walmart.com/WalmartActivia3.cab (Snapfish Activia3)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2008/01/22 19:40:38 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0cb12bdb-bd6f-11dd-8035-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Logotvol - (C:\Windows\system32\audition.dll) - C:\Windows\SysWOW64\audition.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/20 16:10:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/20 16:08:58 | 000,000,000 | ---D | C] -- C:\Users\Ian Young\Saved Games\Desktop\erunt2
[2011/01/18 15:37:01 | 000,000,000 | ---D | C] -- C:\Users\Ian Young\Saved Games\Desktop\gmer2
[2011/01/17 08:50:42 | 000,000,000 | ---D | C] -- C:\Users\Ian Young\Saved Games\Desktop\hooker
[2011/01/15 09:03:53 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 09:03:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 09:03:51 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2011/01/10 11:48:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ian Young\Saved Games\Desktop\OTL.exe
[2011/01/10 11:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\whitesmoketoolbar
[2011/01/01 23:23:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/01 23:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/01 23:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/01/01 23:22:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Ian Young\Saved Games\Desktop\erunt-setup.exe
[2011/01/01 23:03:22 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/01/01 23:03:22 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/01/01 23:03:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/01/01 23:03:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/01/01 23:03:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/01/01 23:03:21 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/01/01 23:03:17 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/01/01 23:03:00 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/01/01 23:02:59 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/01/01 23:02:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/01/01 23:02:59 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/01/01 23:02:59 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/01/01 23:02:59 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/01/01 23:02:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/01/01 23:02:59 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/01/01 23:02:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/01/01 23:02:59 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/01/01 23:02:59 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/01/01 23:02:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/01/01 23:02:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/01/01 23:02:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/01/01 23:02:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/01/01 23:02:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/01/01 23:02:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/01/01 23:02:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/01/01 23:02:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/01/01 23:02:59 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/01/01 23:02:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/01/01 23:02:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/01/01 23:02:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/01/01 23:02:59 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/01/01 23:02:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/01/01 23:02:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/01/01 23:02:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/01/01 23:02:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/01/01 23:02:44 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/01/01 23:02:44 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/01/01 23:02:44 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/01/01 23:02:44 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/01/01 23:02:44 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/01/01 23:02:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2009/03/16 13:36:16 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2009/03/16 13:35:46 | 000,525,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2009/03/16 13:35:34 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
========== Files - Modified Within 30 Days ==========
[2011/01/20 20:05:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/20 20:04:02 | 000,001,344 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\Clean Registry for Free!.lnk
[2011/01/20 20:03:50 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/20 20:03:50 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/20 20:03:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/20 20:03:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/20 20:03:26 | 688,103,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/20 20:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/01/20 19:47:58 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B569909-EA70-4117-81A1-F0AA99D8121D}.job
[2011/01/20 19:30:21 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/20 19:30:21 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/20 19:30:21 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/20 19:25:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\6WODEbKw.dat
[2011/01/20 19:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/01/20 18:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/01/20 17:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/01/20 16:08:42 | 000,513,320 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\erunt.zip
[2011/01/20 16:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/01/20 15:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/01/20 14:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/01/20 13:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/01/20 12:44:38 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/20 12:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/01/20 11:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/01/20 10:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/01/20 09:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/01/20 08:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/01/20 07:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/01/20 06:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/01/20 05:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/01/20 04:00:06 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/01/20 03:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/01/20 03:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Statistics (Fall 2008 Student Version) Updates.job
[2011/01/20 02:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/01/20 01:00:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/20 00:07:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/19 23:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/01/19 22:00:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/01/19 21:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/01/19 18:37:13 | 000,079,874 | ---- | M] () -- C:\ProgramData\V7IFM37E.exe
[2011/01/18 15:28:38 | 000,288,107 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\gmer.zip
[2011/01/17 08:53:52 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/10 12:45:43 | 000,003,284 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\Attach #2.zip
[2011/01/10 11:49:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian Young\Saved Games\Desktop\OTL.exe
[2011/01/02 10:13:29 | 000,397,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/01 23:23:23 | 000,000,945 | ---- | M] () -- C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/01 23:22:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Ian Young\Saved Games\Desktop\erunt-setup.exe
[2011/01/01 23:17:26 | 000,002,607 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\ian's Attach text.zip
[2011/01/01 22:58:25 | 000,624,128 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\dds.scr
[2011/01/01 22:51:28 | 000,293,144 | ---- | M] () -- C:\Users\Ian Young\Saved Games\Desktop\SoftonicDownloader_for_erunt.exe
[2010/12/28 10:08:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2010/12/28 09:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
========== Files Created - No Company Name ==========
[2011/01/20 16:08:38 | 000,513,320 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\erunt.zip
[2011/01/19 18:37:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/01/19 18:37:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/01/19 18:37:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/01/19 18:37:49 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/01/19 18:37:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/01/19 18:37:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/01/19 18:37:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/01/19 18:37:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/01/19 18:37:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/01/19 18:37:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/01/19 18:37:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/01/19 18:37:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/01/19 18:37:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/01/19 18:37:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/01/19 18:37:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/01/19 18:37:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/01/19 18:37:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/01/19 18:37:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/01/19 18:37:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/01/19 18:37:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/01/19 18:37:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/01/19 18:37:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/01/19 18:37:42 | 000,079,874 | ---- | C] () -- C:\ProgramData\V7IFM37E.exe
[2011/01/19 18:37:42 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/01/19 18:37:42 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/01/18 15:28:33 | 000,288,107 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\gmer.zip
[2011/01/17 08:47:29 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/10 12:45:43 | 000,003,284 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\Attach #2.zip
[2011/01/10 11:30:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\6WODEbKw.dat
[2011/01/01 23:23:23 | 000,000,945 | ---- | C] () -- C:\Users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/01 23:17:26 | 000,002,607 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\ian's Attach text.zip
[2011/01/01 22:58:19 | 000,624,128 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\dds.scr
[2011/01/01 22:50:56 | 000,293,144 | ---- | C] () -- C:\Users\Ian Young\Saved Games\Desktop\SoftonicDownloader_for_erunt.exe
[2010/11/26 10:31:17 | 000,000,010 | ---- | C] () -- C:\Users\Ian Young\AppData\Roaming\install
[2010/11/26 08:40:03 | 000,000,218 | ---- | C] () -- C:\Users\Ian Young\AppData\Roaming\sdhkryu.bat
[2010/11/22 17:45:42 | 000,049,664 | -H-- | C] () -- C:\Windows\SysWow64\audition.dll
[2010/11/11 13:26:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll
[2010/11/11 09:15:41 | 000,000,120 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\Cricoxut.dat
[2010/11/11 09:15:41 | 000,000,000 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\Cmetuxeg.bin
[2010/09/18 14:45:43 | 000,424,616 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\dd_vcredistMSI271D.txt
[2010/09/18 14:45:43 | 000,011,410 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\dd_vcredistUI271D.txt
[2010/01/02 14:18:23 | 000,000,270 | ---- | C] () -- C:\Windows\game.ini
[2009/12/08 16:55:04 | 018,030,130 | ---- | C] () -- C:\ProgramData\vlc-1.0.3-win32.exe
[2009/08/19 13:38:11 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/07/20 15:27:56 | 017,828,326 | ---- | C] () -- C:\ProgramData\vlc-1.0.0-win32.exe
[2009/06/19 22:45:40 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/06/16 13:58:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/16 13:58:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/16 13:36:48 | 013,264,160 | ---- | C] () -- C:\Program Files\dxnt.cab
[2009/03/16 13:36:48 | 004,162,622 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2009/03/16 13:36:48 | 001,973,694 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
[2009/03/16 13:36:48 | 001,906,870 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2009/03/16 13:36:48 | 001,800,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2009/03/16 13:36:48 | 001,794,076 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2009/03/16 13:36:46 | 001,802,050 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2009/03/16 13:36:46 | 001,792,600 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2009/03/16 13:36:46 | 001,769,854 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2009/03/16 13:36:44 | 001,709,352 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2009/03/16 13:36:44 | 001,155,483 | ---- | C] () -- C:\Program Files\BDANT.cab
[2009/03/16 13:36:44 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2009/03/16 13:36:44 | 001,084,712 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2009/03/16 13:36:42 | 001,350,534 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2009/03/16 13:36:42 | 001,127,209 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2009/03/16 13:36:42 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2009/03/16 13:36:42 | 001,078,954 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2009/03/16 13:36:42 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2009/03/16 13:36:42 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
[2009/03/16 13:36:42 | 001,064,917 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2009/03/16 13:36:42 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
[2009/03/16 13:36:42 | 001,013,217 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2009/03/16 13:36:42 | 000,994,146 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2009/03/16 13:36:40 | 001,607,766 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2009/03/16 13:36:40 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2009/03/16 13:36:40 | 001,347,346 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2009/03/16 13:36:38 | 001,708,144 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2009/03/16 13:36:38 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
[2009/03/16 13:36:38 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2009/03/16 13:36:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2009/03/16 13:36:38 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2009/03/16 13:36:38 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2009/03/16 13:36:38 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2009/03/16 13:36:38 | 001,464,664 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2009/03/16 13:36:38 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2009/03/16 13:36:38 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2009/03/16 13:36:38 | 001,412,894 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2009/03/16 13:36:38 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2009/03/16 13:36:38 | 001,362,788 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2009/03/16 13:36:38 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2009/03/16 13:36:38 | 001,335,994 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2009/03/16 13:36:38 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2009/03/16 13:36:38 | 000,975,148 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2009/03/16 13:36:38 | 000,965,413 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2009/03/16 13:36:38 | 000,916,422 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2009/03/16 13:36:38 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2009/03/16 13:36:38 | 000,867,604 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2009/03/16 13:36:36 | 000,864,592 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2009/03/16 13:36:36 | 000,852,278 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2009/03/16 13:36:36 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2009/03/16 13:36:36 | 000,849,159 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2009/03/16 13:36:34 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2009/03/16 13:36:34 | 000,818,252 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2009/03/16 13:36:34 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2009/03/16 13:36:34 | 000,796,859 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2009/03/16 13:36:34 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2009/03/16 13:36:34 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2009/03/16 13:36:34 | 000,273,990 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2009/03/16 13:36:32 | 000,699,036 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2009/03/16 13:36:32 | 000,695,857 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2009/03/16 13:36:32 | 000,273,203 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2009/03/16 13:36:32 | 000,271,360 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2009/03/16 13:36:32 | 000,269,842 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2009/03/16 13:36:32 | 000,269,620 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2009/03/16 13:36:32 | 000,269,016 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2009/03/16 13:36:30 | 000,275,036 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
[2009/03/16 13:36:30 | 000,273,010 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
[2009/03/16 13:36:30 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2009/03/16 13:36:30 | 000,226,242 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2009/03/16 13:36:30 | 000,212,799 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2009/03/16 13:36:30 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2009/03/16 13:36:28 | 000,198,088 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2009/03/16 13:36:28 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2009/03/16 13:36:28 | 000,196,754 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2009/03/16 13:36:28 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2009/03/16 13:36:28 | 000,180,777 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2009/03/16 13:36:28 | 000,179,125 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2009/03/16 13:36:28 | 000,178,351 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2009/03/16 13:36:26 | 000,195,758 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2009/03/16 13:36:26 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2009/03/16 13:36:26 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2009/03/16 13:36:26 | 000,182,895 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2009/03/16 13:36:26 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2009/03/16 13:36:24 | 000,153,004 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2009/03/16 13:36:24 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2009/03/16 13:36:24 | 000,147,975 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2009/03/16 13:36:22 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2009/03/16 13:36:22 | 000,145,591 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2009/03/16 13:36:22 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2009/03/16 13:36:22 | 000,137,227 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,133,663 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,133,095 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2009/03/16 13:36:20 | 000,122,328 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,824 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,746 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,498 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
[2009/03/16 13:36:20 | 000,121,046 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2009/03/16 13:36:20 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2009/03/16 13:36:20 | 000,093,726 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2009/03/16 13:36:20 | 000,093,120 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2009/03/16 13:36:20 | 000,093,004 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2009/03/16 13:36:18 | 000,095,296 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2009/03/16 13:36:18 | 000,092,688 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2009/03/16 13:36:16 | 000,092,732 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
[2009/03/16 13:36:16 | 000,087,134 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2009/03/16 13:36:16 | 000,087,093 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2009/03/16 13:36:16 | 000,086,029 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2009/03/16 13:36:14 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2009/03/16 13:36:14 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2009/03/16 13:36:14 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2009/03/16 13:36:12 | 000,055,110 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2009/03/16 13:36:12 | 000,054,592 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
[2009/03/16 13:36:12 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2009/03/16 13:36:12 | 000,046,050 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2009/03/16 13:36:12 | 000,046,002 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2009/03/16 13:36:12 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2009/03/16 13:36:12 | 000,044,444 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2009/03/16 13:36:12 | 000,021,897 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2009/03/16 13:36:12 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2009/03/16 13:36:12 | 000,021,836 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2009/03/16 13:36:12 | 000,018,488 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2009/03/16 13:36:10 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
[2009/01/07 18:32:32 | 000,000,680 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\d3d9caps.dat
[2009/01/07 18:31:34 | 000,000,732 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\d3d9caps64.dat
[2008/11/28 14:46:17 | 000,159,744 | ---- | C] () -- C:\Users\Ian Young\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/08 02:06:35 | 000,007,662 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/08 01:43:58 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/08 01:43:58 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
< End of report >
now what should i do?
Lets run Combofix, after you download it to your desktop right click on the icon and select RUN AS ADMINISTRATOR
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
here is the log:
ComboFix 11-01-20.03 - Ian Young 01/21/2011 8:01.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6186 [GMT -6:00]
Running from: c:\users\Ian Young\Saved Games\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\hp\KBD\KbdStub.EXE
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\Java\jre1.6.0_03\bin\jusched.exe
c:\program files (x86)\QuickTime\QTTask.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\program files (x86)\whitesmoketoolbar
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\about.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\external.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\whitesmoketoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\preferences.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\toolbar.htm
c:\program files (x86)\whitesmoketoolbar\chrome\content\toolbar.xul
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmncode.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css\dialog.css
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\bg.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\default.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\transparent.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right-resize.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\main.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\tb_icon.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.jsw
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget_version.txt
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\Thumbs.db
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\Thumbs.db
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\Thumbs.db
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\index.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
c:\program files (x86)\whitesmoketoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\data\rss\rss.xml
c:\program files (x86)\whitesmoketoolbar\chrome\data\search\engines.xml
c:\program files (x86)\whitesmoketoolbar\chrome\data\search\search.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\data\weather\icons.xml
c:\program files (x86)\whitesmoketoolbar\chrome\skin\634017460871087500_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\about.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\babylon_logo.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_16x16.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\blank_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluelite.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluesky.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn_settings.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\ca.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkMyText_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkMyText_png_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\Dictionary_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\Dictionary_png_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\divider.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\downloadcom.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxlogo.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics\folder.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\email.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\email_on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\eteacher_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\facebook.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon2_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\france_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\games.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\games_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\gamesIcon_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0_5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1_5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2_5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3_5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4_5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphredna.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\grey.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\ico-shield.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\images.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\italy_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\add.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\aol.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\blank.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\checkmark.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\chevron.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\collapse.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\comcast.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\dtx.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\edit-back.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\expand.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\found.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\gmail.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\hotmail.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\ico-check.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\imap.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\lock.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\mailcom.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\search.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lichen.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-about.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\mail.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\modify-save.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\modify.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\music.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\networkIcons_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\news.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\orange.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\pixsy.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\protect-id.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-found.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss_feed_icon_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rssback.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\search-over.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\search.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\settings.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\shopping.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin.xml
c:\program files (x86)\whitesmoketoolbar\chrome\skin\spain_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\technorati.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\throbber.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\translate.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\Translate_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\Translate_png_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\TV_icon3_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\tvicon_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\tvIcons_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\usa_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\vmn.css
c:\program files (x86)\whitesmoketoolbar\chrome\skin\vmn.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\web.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\yellow.gif
c:\program files (x86)\whitesmoketoolbar\chrome\skin\youtube.png
c:\program files (x86)\whitesmoketoolbar\chrome\skin\zoom.png
c:\program files (x86)\whitesmoketoolbar\components\windowmediator.js
c:\program files (x86)\whitesmoketoolbar\manifest.xml
c:\program files (x86)\whitesmoketoolbar\toolbar.xml
c:\program files (x86)\whitesmoketoolbar\uninstall.exe
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Tool
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\programdata\V7IFM37E.exe
c:\programdata\vlc-1.0.0-win32.exe
c:\programdata\vlc-1.0.1-win32.exe
c:\programdata\vlc-1.0.3-win32.exe
c:\users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B}
c:\users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B}\chrome.manifest
c:\users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B}\chrome\content\_cfg.js
c:\users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B}\chrome\content\overlay.xul
c:\users\Ian Young\AppData\Local\{9727A106-0AB1-4EFA-955D-4DE0558A883B}\install.rdf
c:\users\Ian Young\AppData\Roaming\.#
c:\users\Ian Young\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Ian Young\AppData\Roaming\Adobe\plugs
c:\users\Ian Young\AppData\Roaming\install
c:\users\Ian Young\AppData\Roaming\sdhkryu.bat
c:\users\Ian Young\AppData\Roaming\WhiteSmokeTranslator
c:\users\Ian Young\AppData\Roaming\WhiteSmokeTranslator\stat.log
C:\whtsmk.exe
c:\windows\system32\FastUv32.dll
c:\windows\system32\jusched.exe
c:\windows\SysWow64\audition.dll
c:\windows\SysWow64\FastUv32.dll
c:\windows\SysWow64\jusched.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
G:\Autorun.inf
<pre>
c:\hp\KBD\KbdStub .exe ---^> c:\hp\KBD\KbdStub.exe
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl .exe ---^> c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe ---^> c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth .exe ---^> c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe ---^> c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\program files (x86)\HP\HP Software Update\HPWuSchd2 .exe ---^> c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
c:\program files (x86)\iTunes\iTunesHelper .exe ---^> c:\program files (x86)\iTunes\iTunesHelper.exe
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-21 15:33 . 2011-01-21 15:35 -------- d-----w- c:\users\Ian Young\AppData\Local\temp
2011-01-21 13:59 . 2011-01-21 13:59 -------- d-----w- C:\32788R22FWJFW
2011-01-20 22:10 . 2011-01-20 22:10 -------- d-----w- C:\_OTL
2011-01-17 14:47 . 2011-01-17 14:53 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-02 05:23 . 2011-01-02 05:23 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-02 05:02 . 2010-11-02 06:29 660760 ----a-w- c:\program files\Internet Explorer\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 22:13 . 2010-11-11 15:15 0 ----a-w- c:\users\Ian Young\AppData\Local\Cmetuxeg.bin
2009-03-16 19:36 . 2009-03-16 19:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 19:35 . 2009-03-16 19:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 19:35 . 2009-03-16 19:35 94024 ----a-w- c:\program files\DSETUP.dll
.
<pre>
c:\program files (x86)\Java\jre1.6.0_03\bin\jusched .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\Steam\steam .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-01-02 37384]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_03\bin\jusched.exe" [N/A]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-30 231888]
c:\users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 136176]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Normandy;Normandy SR2; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-04-29 335288]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-12-04 1686528]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2008-06-09 459776]
.
Contents of the 'Scheduled Tasks' folder
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 19:55]
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 19:55]
2011-01-21 c:\windows\Tasks\User_Feed_Synchronization-{2B569909-EA70-4117-81A1-F0AA99D8121D}.job
- c:\windows\system32\msfeedssync.exe [2011-01-02 04:25]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 203288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 167448]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 16141344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 82464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://photos1.walmart.com/WalmartActivia3.cab
FF - ProfilePath - c:\users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=288
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-College Algebra (Fall 2008 Student Version) - c:\programdata\{5D3C5359-F33F-42F1-8622-B0965B17163F}\COL-Student-Setup.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-TubeDownloader - c:\program files (x86)\TubeDownloader\Uninstall.exe
AddRemove-BitTorrent DNA - c:\program files (x86)\DNA\btdna.exe
AddRemove-GeoGebra WebStart - c:\windows\system32\javaws.exe
AddRemove-PowerTeacher Gradebook - c:\windows\system32\javaws.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,ce,b1,6b,19,6e,d1,49,9c,38,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,ce,b1,6b,19,6e,d1,49,9c,38,11,\
[HKEY_USERS\S-1-5-21-2015652920-1189781164-2704344669-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f2,29,d3,52,f6,70,cc,00
DUMPHIVE0.003 (REGF)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2011-01-21 09:44:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-21 15:44
Pre-Run: 379,619,356,672 bytes free
Post-Run: 380,106,809,344 bytes free
- - End Of File - - 922085C60354F7003F7290019134AFCA
now what can i do?
Combofix removed a ton of bad stuff, it also shows your infected with the Vundo File Infector, we are going to attempt to fix them , the ones that cant be fixed will have to be uninstalled and reinstalled
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above RenV::
RenV::
c:\program files (x86)\Java\jre1.6.0_03\bin\jusched .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\Steam\steam .exe
Folder::
C:\32788R22FWJFW
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
i left it on wating for your reply and then it restarted and know it is "runing startup Repair" is running. i hit restore but what should i do?
Let it finish and we will go from there. Those programs in the blue code box are infected and maybe causing some problems
now my computer is not working at all....i let it Finish... now after the blue boot up screen where you can hit F8 the get in to safe mode.....there noting.....or should i just let it run....:confused:
WHAT SHOULD I DO?!?!?!?!?
Give it a few minutes to finish what its doing,
Then shut it down by using the power button, then restart it press F8 and at the menu use your arrow keys and go back up to LAST KNOWN GOOD CONFIGURATION
when i hit F8
LAST KNOWN GOOD CONFIGURATION is not an opptions
i have
launch startup repair
start windown normally
what should i do
:eek:i did the combo fix and here is the log:
ComboFix 11-01-20.04 - Ian Young 01/21/2011 15:02:44.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6495 [GMT -6:00]
Running from: c:\users\Ian Young\Saved Games\Desktop\ComboFix.exe
Command switches used :: c:\users\Ian Young\Saved Games\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\32788R22FWJFW
c:\32788r22fwjfw\EN-US\cmd.cfxxe.mui
c:\hp\KBD\KbdStub.EXE
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\Java\jre1.6.0_03\bin\jusched.exe
c:\program files (x86)\QuickTime\QTTask.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\program files (x86)\whitesmoketoolbar
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\external.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmncode.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\whitesmoketoolbar\components\windowmediator.js
c:\program files (x86)\whitesmoketoolbar\uninstall.exe
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Tool
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\programdata\V7IFM37E.exe
c:\programdata\vlc-1.0.0-win32.exe
c:\programdata\vlc-1.0.1-win32.exe
c:\programdata\vlc-1.0.3-win32.exe
c:\users\Ian Young\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Ian Young\AppData\Roaming\sdhkryu.bat
C:\whtsmk.exe
c:\windows\system32\FastUv32.dll
c:\windows\system32\jusched.exe
c:\windows\SysWow64\audition.dll
c:\windows\SysWow64\FastUv32.dll
c:\windows\SysWow64\jusched.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
<pre>
c:\hp\KBD\KbdStub .exe --->c:\hp\KBD\KbdStub.exe
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl .exe --->c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe --->c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth .exe --->c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe --->c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-21 21:12 . 2011-01-21 21:12 -------- d-----w- c:\users\Ian Young\AppData\Local\temp
2011-01-21 21:12 . 2011-01-21 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-21 15:44 . 2011-01-21 16:27 -------- d-----w- c:\users\Ian Young\AppData\Local\Temp(21)
2011-01-20 22:10 . 2011-01-20 22:10 -------- d-----w- C:\_OTL
2011-01-17 14:47 . 2011-01-17 14:53 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-02 05:23 . 2011-01-02 05:23 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-02 05:02 . 2010-11-02 06:29 660760 ----a-w- c:\program files\Internet Explorer\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 22:13 . 2010-11-11 15:15 0 ----a-w- c:\users\Ian Young\AppData\Local\Cmetuxeg.bin
2009-03-16 19:36 . 2009-03-16 19:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 19:35 . 2009-03-16 19:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 19:35 . 2009-03-16 19:35 94024 ----a-w- c:\program files\DSETUP.dll
.
<pre>
c:\program files (x86)\HP\HP Software Update\HPWuSchd2 .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-20 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_03\bin\jusched.exe" [N/A]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-30 231888]
c:\users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 136176]
R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Normandy;Normandy SR2; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-04-29 335288]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-12-04 1686528]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2008-06-09 459776]
.
Contents of the 'Scheduled Tasks' folder
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 19:55]
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 19:55]
2011-01-21 c:\windows\Tasks\User_Feed_Synchronization-{2B569909-EA70-4117-81A1-F0AA99D8121D}.job
- c:\windows\system32\msfeedssync.exe [2011-01-02 04:25]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 203288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 167448]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 16141344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 82464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://photos1.walmart.com/WalmartActivia3.cab
FF - ProfilePath - c:\users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=288
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,ce,b1,6b,19,6e,d1,49,9c,38,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,ce,b1,6b,19,6e,d1,49,9c,38,11,\
[HKEY_USERS\S-1-5-21-2015652920-1189781164-2704344669-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f2,29,d3,52,f6,70,cc,00
DUMPHIVE0.003 (REGF)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-01-21 15:14:09
ComboFix-quarantined-files.txt 2011-01-21 21:14
ComboFix2.txt 2011-01-21 15:44
Pre-Run: 379,807,338,496 bytes free
Post-Run: 379,759,349,760 bytes free
- - End Of File - - 2FF361540F76C7FFC8B1A169E24795C1
Hi,
Great, please understand that your system was heavily infected, this can cause all sorts of problems.
Hate to do this to you again but we need to run these through Combofix and see if it can repair them
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above RenV::
RenV::
C:\hp\KBD\KbdStub .exe
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
c:\program files (x86)\HP\HP Software Update\HPWuSchd2 .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
ComboFix 11-01-20.04 - Ian Young 01/21/2011 16:33:20.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6142 [GMT -6:00]
Running from: c:\users\Ian Young\Saved Games\Desktop\ComboFix.exe
Command switches used :: c:\users\Ian Young\Saved Games\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-21 22:37 . 2011-01-21 22:37 -------- d-----w- c:\users\Ian Young\AppData\Local\temp
2011-01-21 22:37 . 2011-01-21 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-21 15:44 . 2011-01-21 16:27 -------- d-----w- c:\users\Ian Young\AppData\Local\Temp(21)
2011-01-20 22:10 . 2011-01-20 22:10 -------- d-----w- C:\_OTL
2011-01-17 14:47 . 2011-01-17 14:53 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-02 05:23 . 2011-01-02 05:23 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-02 05:02 . 2010-11-02 06:29 660760 ----a-w- c:\program files\Internet Explorer\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 22:13 . 2010-11-11 15:15 0 ----a-w- c:\users\Ian Young\AppData\Local\Cmetuxeg.bin
2009-03-16 19:36 . 2009-03-16 19:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 19:35 . 2009-03-16 19:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 19:35 . 2009-03-16 19:35 94024 ----a-w- c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFre0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-20 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-30 231888]
c:\users\Ian Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 136176]
R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Normandy;Normandy SR2; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-04-29 335288]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-12-04 1686528]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2008-06-09 459776]
.
Contents of the 'Scheduled Tasks' folder
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 19:55]
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 19:55]
2011-01-21 c:\windows\Tasks\User_Feed_Synchronization-{2B569909-EA70-4117-81A1-F0AA99D8121D}.job
- c:\windows\system32\msfeedssync.exe [2011-01-02 04:25]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 203288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 167448]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 16141344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 82464]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://photos1.walmart.com/WalmartActivia3.cab
FF - ProfilePath - c:\users\Ian Young\AppData\Roaming\Mozilla\Firefox\Profiles\ocaw0gfp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=288
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
.
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.6.0_03\bin\jusched.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,ce,b1,6b,19,6e,d1,49,9c,38,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,ce,b1,6b,19,6e,d1,49,9c,38,11,\
[HKEY_USERS\S-1-5-21-2015652920-1189781164-2704344669-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f2,29,d3,52,f6,70,cc,00
DUMPHIVE0.003 (REGF)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-01-21 16:39:18
ComboFix-quarantined-files.txt 2011-01-21 22:39
ComboFix2.txt 2011-01-21 21:14
ComboFix3.txt 2011-01-21 15:44
Pre-Run: 379,290,836,992 bytes free
Post-Run: 379,251,830,784 bytes free
- - End Of File - - C5F19E255FBA94FC7008359FD4A88C28
Looking good, the programs that where infected with the Vundo File Infector appear to have been fixed
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
Post the log and let me know how your system is behaving now ?
it took almost 2 hours...is that normal?
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=3a1f2b46add93a4ea85b0b0b9184ef6c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-22 02:26:24
# local_time=2011-01-21 08:26:24 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 56 5449766 132255665 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=311148
# found=44
# cleaned=44
# scan_time=6224
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_8_5p83tu.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\whtsmk.exe.vir a variant of Win32/TrojanDownloader.Agent.QLI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\hp\KBD\KbdStub.EXE.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\iTunes\iTunesHelper.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\QuickTime\QTTask.exe.vir a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\SysWOW64\audition.dll.vir a variant of Win32/Kryptik.ICS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FastUv32.dll.vir a variant of Win32/Wimpixo.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 1\1\clean sheets endo.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 1\1\Earshot - Headstrong.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 1\1\feel ear shot.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 1\1\rape otep.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 1\1\remember us endo.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 1\1\wait ear shot.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 2\epidemic.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 2\Pillar - Epidemic.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\CARSON 2\Shifty 250 - (03) The Covenant (we gone die) .mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\lime wire\8-9-08\Compilation - Ashes Divide - The stone.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\lime wire\8-9-08\them vs you.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\lime wire 7-18-08\another black day sexy girl has shaking orgasm during sex.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Music\Ian's Music\lime wire 7-18-08\i smell sex nirvana.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ian Young\Vuze\.install4j\i4j_extf_8_5p83tu.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\254ea809.msi a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\MSASCui.exe a variant of Win32/Kryptik.ICF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\pw.exe a variant of Win32/Kryptik.ICF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01202011_161052\C_Program Files (x86)\DNA\btdna.exe a variant of Win32/Kryptik.JGL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Vuze\.install4j\i4j_extf_8_5p83tu.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 1\1\clean sheets endo.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 1\1\Earshot - Headstrong.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 1\1\feel ear shot.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 1\1\rape otep.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 1\1\remember us endo.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 1\1\wait ear shot.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 2\epidemic.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 2\Pillar - Epidemic.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\CARSON 2\Shifty 250 - (03) The Covenant (we gone die) .mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\lime wire\8-9-08\Compilation - Ashes Divide - The stone.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\lime wire\8-9-08\them vs you.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\lime wire 7-18-08\another black day sexy girl has shaking orgasm during sex.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
G:\Ian's Music\lime wire 7-18-08\i smell sex nirvana.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Hi,
I have seen ESET take a half hour and I have seen it take all day, depends on your system.
Most of what it found where back ups of what Combofix removed, we will address that in a bit.
It also found infected copies of music you downloaded , some illegally :sad:
You need to stay away from any File Sharing , your downloading that file from an unknown source, malware writers are in tune to this and using File Sharing to infect your computer.
Advanced Registry Optimizer <--You need to stay away from Registry Cleaners also unless your a windows expert and know exactly what there removing, even the better ones make mistakes at time. Remove unwanted items and you will see no difference in system performance, remove the wrong entry or entries and you can make your system unbootable. You can uninstall it via Programs and Features in the Control Panel.
How are things running now ?
:laugh:
my computer is running much better…thank you…..it boots up in under a min, the 20 windows that said something not working after it buts up are not there anymore, and the internet seems to be running much better….I have some external hard drives I back my computer up on, should I reformat those? it's been a few months since I moved stuff over. I'm taking your hints and staying away from peer to peer anything… is a site called Bear share peer to peer/legal? My fiancé is a dance teacher and needs to be able to down load music…I will wait for the CD…..what would you recommend
also I asked you to make me a believer in this site, and you have…I will recommend this site to everyone and expect some type of gift from me….thank you so much
Hi,
Bear Share in a P2P site, not recommended. Not to worry about Limewire, a judge shut them down a few months ago.
As far as your fiance needing music, you can download music legitimately, you can even download them from Walmart for a small cost
http://mp3.walmart.com/store/home
http://www.buy.com/dept/Music_CDs_/109.html
http://www.apple.com/itunes/affiliates/download/
If you can it would be a good idea to format the other external drives
Keep Java up to date
Download JavaRa (http://prm753.bchea.org/click/click.php?id=9) to your desktop and unzip it to its own folder
Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Open up OTL and click on Cleanup and it will remove the tools we used to clean your systems along with there back ups. Qoobox will be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.