click.giftload



saminblueridge
2011-05-19, 23:21
Hi,

I hope I've complied with all the instructions sufficiently.... Tried to follow them all! Thanks in advance for any assistance

the problem:

resources being used by srvhost.exe and bogging down computer
redirecting of web browser (firefox) in search engine (google)

things I've done:
run spybot s&d
run adaware
windows defender
running avira

looked at a lot of other things, using tools I've found, but haven't delved into trying to fix things other than by using the clean up feature of the utilities mentioned above.

dds log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Family at 16:09:21.73 on Thu 05/19/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.108 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1127877835\ee\AOLSoftware.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Microsoft\RATTV3\RATT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Registry Mechanic\upgrade.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Family\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.intuit.com/support/quicken/survey/qknsurvey.html?lastarea=kb&kb=true&cs=yes&hc=false&ver=archive&phone=false&updates=false&chat=false&chatver=false
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} -
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: MasterCook Bar: {c92041c1-6d22-4069-ba0e-66246aa752b0} - c:\windows\system32\shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VTTimer] VTTimer.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [HostManager] c:\program files\common files\aol\1127877835\ee\AOLSoftware.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [R8388QA8U8] c:\windows\temp\Dx0.exe
StartupFolder: c:\docume~1\family\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ratt.lnk - c:\program files\microsoft\rattv3\RATT.exe
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: MasterCook: Select Image - c:\program files\mastercook 9\web\MCIEContext.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0} - c:\windows\system32\shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119728275187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1119728048812
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Notify: igfxcui - igfxsrvc.dll
Notify: itlntfy - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\9d9eo1sn.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - plugin: c:\documents and settings\family\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\family\application data\mozilla\firefox\profiles\9d9eo1sn.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-14 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-9 11608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-4-29 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-9 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-9 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-9 56816]
S2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2004-4-29 14336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-12-2 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-12-2 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-12-2 21504]
.
=============== Created Last 30 ================
.
2011-05-16 21:01:22 -------- d-----w- C:\8b70df9cc4eccc2620a90a0c
2011-05-16 12:23:29 -------- d-----w- c:\docume~1\family\applic~1\Malwarebytes
2011-05-16 12:23:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 12:23:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-16 12:23:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 12:23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 00:00:28 -------- d-----w- c:\program files\X-Setup Pro
2011-05-15 03:16:13 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{379d10a3-9c0b-4c35-88e3-a1828708a61f}\mpengine.dll
2011-05-14 20:23:18 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-14 04:42:03 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-14 04:26:05 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-14 04:25:57 -------- d-----w- c:\program files\Lavasoft
2011-04-21 17:12:46 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-05-16 15:53:51 26112 ----a-w- c:\windows\system32\userinit.exe
2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120022A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A71C4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7227f0]; MOV EAX, [0x8a72286c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A7ACAB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000065[0x8A7629E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A734940]
\Driver\atapi[0x8A7B5370] -> IRP_MJ_CREATE -> 0x8A71C4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A71C31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:12:30.14 ===============
Spybot S&D results
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Right Media: Tracking cookie (Internet Explorer: Family) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


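One thing a helper reads first in the Pseudo HJT section is an autorun like the dRun entry above: a randomly named value launching an executable from c:\windows\temp. The following is an added Python example, not code from this thread or from DDS, that parses Run entries and flags that pattern; the sample lines are copied from the log above, and the thresholds in looks_random are assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' Run entries (added example; not part of the
thread or of DDS). Flags an executable launched from a temp directory, a
random-looking value name, and an entry in the HKU\\.DEFAULT hive (dRun), which
is loaded at the logon screen and is unusual for legitimate software."""
import re
from typing import Dict, List

# uRun / mRun / dRun = HKCU / HKLM / HKU\.DEFAULT in DDS notation
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First token of the command: a quoted path, or everything up to the first space
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\temp\\")
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}


def looks_random(name: str) -> bool:
    """Heuristic (assumed thresholds): 8+ chars of only upper-case letters and
    digits, mixing both, with digits making up at least 30% of the name."""
    if len(name) < 8 or not re.fullmatch(r"[A-Z0-9]+", name):
        return False
    digits = sum(ch.isdigit() for ch in name)
    return 0 < digits < len(name) and digits / len(name) >= 0.3


def executable_of(cmd: str) -> str:
    """Lower-cased path of the program the Run value launches."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()


def triage_run_entries(report: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious Run entry, with the reasons it was flagged."""
    findings: List[Dict[str, object]] = []
    for line in report.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["cmd"])
        reasons = []
        if any(d in exe for d in TEMP_DIRS):
            reasons.append("runs from a temp directory")
        if looks_random(m["name"]):
            reasons.append("random-looking value name")
        if m["hive"] == "d":
            reasons.append("registered in HKU\\.DEFAULT (loaded at the logon screen)")
        if reasons:
            findings.append({"hive": HIVES[m["hive"]], "name": m["name"],
                             "exe": exe, "reasons": reasons})
    return findings


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_REPORT = r"""
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [R8388QA8U8] c:\windows\temp\Dx0.exe
"""

if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_REPORT):
        print(f"{f['hive']}\\Run [{f['name']}] -> {f['exe']}: " + "; ".join(f["reasons"]))
```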
ken545
2011-05-21, 04:13

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Besides Click.Giftload, you're infected with a nasty ROOTKIT
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg
Then run this scan

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

saminblueridge
2011-05-21, 05:43
Created the Regfix file and merged it. Ran aswMBR

Here's a copy of the log from aswMBR:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-20 22:39:15
-----------------------------
22:39:15.872 OS Version: Windows 5.1.2600 Service Pack 3
22:39:15.872 Number of processors: 1 586 0xA00
22:39:15.872 ComputerName: COMPY UserName:
22:39:16.513 Initialize success
22:39:18.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b
22:39:18.232 Disk 0 Vendor: ST3120022A 8.01 Size: 114473MB BusType: 3
22:39:18.247 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000072
22:39:18.247 Disk 1 Vendor: Size: 114473MB BusType: 0
22:39:18.263 Disk 2 \Device\Harddisk2\DR4 -> \Device\00000073
22:39:18.279 Disk 2 Vendor: Size: 114473MB BusType: 0
22:39:18.294 Disk 3 \Device\Harddisk3\DR5 -> \Device\00000074
22:39:18.310 Disk 3 Vendor: Size: 114473MB BusType: 0
22:39:18.341 Device \Driver\atapi -> DriverStartIo 8a71c31b
22:39:20.357 Disk 0 MBR read successfully
22:39:20.372 Disk 0 MBR scan
22:39:20.388 Disk 0 TDL4@MBR code has been found
22:39:20.419 Disk 0 MBR hidden
22:39:20.435 Disk 0 MBR [TDL4] **ROOTKIT**
22:39:20.466 Disk 0 trace - called modules:
22:39:20.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a71c4d0]<<
22:39:20.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7acab8]
22:39:20.544 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a7629e8]
22:39:20.576 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a734940]
22:39:20.607 \Driver\atapi[0x8a7b5370] -> IRP_MJ_CREATE -> 0x8a71c4d0
22:39:20.638 Scan finished successfully
22:39:59.092 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Family\Desktop\MBR.dat"
22:39:59.123 The log file has been saved successfully to "C:\Documents and Settings\Family\Desktop\aswMBR.txt"

ken545
2011-05-21, 13:05
Good Morning


Re-Run aswMBR

Click Scan

On completion of the scan

Click Fix

http://public.avast.com/~gmerek/aswMBR3.png
Save the log as before and post in your next reply

saminblueridge
2011-05-21, 15:06
OK, I ran the scan and, just to be safe, saved a log after that... before using "fix" (probably not needed, but I have it if it is).

I ran fix and it said something about repairing the master boot record, but before I could do anything, the screen went black and then to the BSOD. I restarted the computer... during the restart, Avira came up with several trojans... I clicked OK when it defaulted to "deny access."

It's still doing that as I type this... occasionally popping up with another trojan... might be the same one repeatedly... not sure.

Anyway, I ran the scan on aswMBR again. Here are the results from that scan:

07:58:30.984 Disk 0 Vendor: ST3120022A 8.01 Size: 114473MB BusType: 3
07:58:31.000 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000071
07:58:31.015 Disk 1 Vendor: Size: 114473MB BusType: 0
07:58:31.031 Disk 2 \Device\Harddisk2\DR4 -> \Device\00000072
07:58:31.046 Disk 2 Vendor: Size: 114473MB BusType: 0
07:58:31.093 Disk 3 \Device\Harddisk3\DR5 -> \Device\00000073
07:58:31.109 Disk 3 Vendor: Size: 114473MB BusType: 0
07:58:33.156 Disk 0 MBR read successfully
07:58:33.171 Disk 0 MBR scan
07:58:33.187 Disk 0 unknown MBR code
07:58:35.203 Disk 0 scanning sectors +234420480
07:58:35.250 Disk 0 scanning C:\WINDOWS\system32\drivers
07:58:48.218 Service scanning
07:58:49.515 Disk 0 trace - called modules:
07:58:49.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
07:58:49.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7acab8]
07:58:49.593 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a8019e8]
07:58:49.625 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8a732940]
07:58:49.656 Scan finished successfully
07:59:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Family\Desktop\MBR.dat"
07:59:25.343 The log file has been saved successfully to "C:\Documents and Settings\Family\Desktop\aswMBR3.txt"
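The two aswMBR logs in this thread (before and after the Fix) differ in exactly the lines a helper reads first: the MBR code verdict, the hidden MBR, the >>UNKNOWN<< module in the disk trace, and the atapi DriverStartIo hook. The following is an added Python example, not code from the thread or from aswMBR, that extracts those indicators from a log and lists which ones the fix cleared; the two sample logs are trimmed excerpts of the scans posted above, and the classification rules are assumptions.

```python
"""Triage helper for aswMBR scan logs (added example; not part of this thread or
of the aswMBR tool). Strong indicators: a named malware family in the MBR code,
a hidden MBR, a **ROOTKIT** verdict, an unresolved >>UNKNOWN<< module in the disk
I/O trace, a DriverStartIo hook. 'unknown MBR code' alone is treated as a weak
indicator that needs a second scanner, which is what the helper asked for here."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

MBR_FAMILY_RE = re.compile(r"Disk \d+ (\w+)@MBR code has been found")
MBR_UNKNOWN_RE = re.compile(r"Disk \d+ unknown MBR code")
MBR_HIDDEN_RE = re.compile(r"Disk \d+ MBR hidden")
VERDICT_RE = re.compile(r"Disk \d+ MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN_MODULE_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
START_IO_HOOK_RE = re.compile(r"Device (\\Driver\\\w+) -> DriverStartIo ([0-9a-fA-F]+)")


@dataclass
class MbrTriage:
    mbr_code: str = "ok"            # "ok", "unknown", or the family aswMBR named
    mbr_hidden: bool = False
    rootkit_family: Optional[str] = None
    unknown_modules: List[str] = field(default_factory=list)
    start_io_hooks: List[str] = field(default_factory=list)

    @property
    def infected(self) -> bool:
        """Any strong indicator present."""
        return (self.mbr_code not in ("ok", "unknown") or self.mbr_hidden
                or self.rootkit_family is not None
                or bool(self.unknown_modules) or bool(self.start_io_hooks))

    @property
    def needs_followup(self) -> bool:
        """Boot code not classified but nothing stronger seen: confirm with another scanner."""
        return not self.infected and self.mbr_code == "unknown"


def triage_aswmbr(log: str) -> MbrTriage:
    t = MbrTriage()
    for line in log.splitlines():
        if m := MBR_FAMILY_RE.search(line):
            t.mbr_code = m.group(1)
        elif MBR_UNKNOWN_RE.search(line) and t.mbr_code == "ok":
            t.mbr_code = "unknown"
        if MBR_HIDDEN_RE.search(line):
            t.mbr_hidden = True
        if m := VERDICT_RE.search(line):
            t.rootkit_family = m.group(1)
        t.unknown_modules += UNKNOWN_MODULE_RE.findall(line)
        for drv, addr in START_IO_HOOK_RE.findall(line):
            t.start_io_hooks.append(f"{drv} -> {addr}")
    return t


def cleared_indicators(before: MbrTriage, after: MbrTriage) -> List[str]:
    """Indicators from the before-fix scan that no longer appear in the after-fix scan."""
    cleared = []
    if before.mbr_code not in ("ok", "unknown") and after.mbr_code != before.mbr_code:
        cleared.append(f"MBR code {before.mbr_code}")
    if before.mbr_hidden and not after.mbr_hidden:
        cleared.append("hidden MBR")
    if before.rootkit_family and after.rootkit_family is None:
        cleared.append(f"{before.rootkit_family} verdict")
    cleared += [f"unknown module {a}" for a in before.unknown_modules if a not in after.unknown_modules]
    cleared += [f"hook {h}" for h in before.start_io_hooks if h not in after.start_io_hooks]
    return cleared


# Constructed samples: excerpts of the two aswMBR logs posted in this thread.
INFECTED_LOG = r"""22:39:18.341 Device \Driver\atapi -> DriverStartIo 8a71c31b
22:39:20.357 Disk 0 MBR read successfully
22:39:20.388 Disk 0 TDL4@MBR code has been found
22:39:20.419 Disk 0 MBR hidden
22:39:20.435 Disk 0 MBR [TDL4] **ROOTKIT**
22:39:20.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a71c4d0]<<
22:39:20.607 \Driver\atapi[0x8a7b5370] -> IRP_MJ_CREATE -> 0x8a71c4d0"""

CLEAN_LOG = r"""07:58:33.156 Disk 0 MBR read successfully
07:58:33.187 Disk 0 unknown MBR code
07:58:49.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
07:58:49.625 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8a732940]
07:58:49.656 Scan finished successfully"""

if __name__ == "__main__":
    before, after = triage_aswmbr(INFECTED_LOG), triage_aswmbr(CLEAN_LOG)
    print("before fix:", "INFECTED" if before.infected else "clean", before)
    print("after fix: ", "INFECTED" if after.infected else "clean",
          "(follow-up scan advised)" if after.needs_followup else "")
    print("cleared:", cleared_indicators(before, after))
```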

ken545
2011-05-21, 15:21
Looks like the Rootkit is gone, but to be on the safe side run this scan

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

saminblueridge
2011-05-21, 15:34
Good morning again.

Ran TDS, nothing malicious found. Here's the log:
So we have been working on the rootkit.... gift.click next? I will be away from computer for an hour or so....


2011/05/21 08:30:04.0406 1908 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 08:30:04.0781 1908 ================================================================================
2011/05/21 08:30:04.0781 1908 SystemInfo:
2011/05/21 08:30:04.0781 1908
2011/05/21 08:30:04.0781 1908 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/21 08:30:04.0781 1908 Product type: Workstation
2011/05/21 08:30:04.0781 1908 ComputerName: COMPY
2011/05/21 08:30:04.0781 1908 UserName: Family
2011/05/21 08:30:04.0781 1908 Windows directory: C:\WINDOWS
2011/05/21 08:30:04.0781 1908 System windows directory: C:\WINDOWS
2011/05/21 08:30:04.0781 1908 Processor architecture: Intel x86
2011/05/21 08:30:04.0781 1908 Number of processors: 1
2011/05/21 08:30:04.0781 1908 Page size: 0x1000
2011/05/21 08:30:04.0781 1908 Boot type: Normal boot
2011/05/21 08:30:04.0781 1908 ================================================================================
2011/05/21 08:30:06.0125 1908 Initialize success
2011/05/21 08:30:12.0031 0956 ================================================================================
2011/05/21 08:30:12.0031 0956 Scan started
2011/05/21 08:30:12.0031 0956 Mode: Manual;
2011/05/21 08:30:12.0031 0956 ================================================================================
2011/05/21 08:30:42.0281 0956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/21 08:30:43.0015 0956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/21 08:30:43.0187 0956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/21 08:30:43.0390 0956 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/21 08:30:43.0609 0956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/21 08:30:44.0703 0956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/21 08:30:45.0218 0956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/21 08:30:45.0671 0956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/21 08:30:46.0125 0956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/21 08:30:46.0484 0956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/21 08:30:46.0968 0956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/21 08:30:47.0578 0956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/21 08:30:47.0953 0956 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/05/21 08:30:48.0468 0956 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/05/21 08:30:49.0328 0956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/21 08:30:49.0859 0956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/21 08:30:50.0546 0956 motccgp (e5e1c5fe66694909509b8ce7043194e2) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/05/21 08:30:51.0171 0956 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/05/21 08:30:51.0578 0956 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/05/21 08:30:52.0375 0956 motport (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motport.sys
2011/05/21 08:30:53.0125 0956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/21 08:30:53.0828 0956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/21 08:30:54.0156 0956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/21 08:30:54.0500 0956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/21 08:30:54.0703 0956 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/21 08:30:54.0937 0956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/21 08:30:55.0281 0956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/21 08:30:55.0640 0956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/21 08:30:56.0015 0956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/21 08:30:56.0296 0956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/21 08:30:56.0671 0956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/21 08:30:56.0953 0956 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/21 08:30:57.0328 0956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/21 08:30:57.0656 0956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/21 08:30:57.0937 0956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/21 08:30:58.0125 0956 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/21 08:30:58.0343 0956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/21 08:30:58.0625 0956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/21 08:30:58.0937 0956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/21 08:30:59.0218 0956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/21 08:30:59.0546 0956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/21 08:30:59.0968 0956 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/21 08:31:00.0500 0956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/21 08:31:01.0375 0956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/21 08:31:01.0890 0956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/21 08:31:02.0671 0956 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/21 08:31:03.0109 0956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/21 08:31:03.0296 0956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/21 08:31:03.0515 0956 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/21 08:31:03.0734 0956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/21 08:31:03.0937 0956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/21 08:31:04.0171 0956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/21 08:31:04.0390 0956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/21 08:31:04.0781 0956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/21 08:31:04.0968 0956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/21 08:31:06.0953 0956 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/05/21 08:31:07.0359 0956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/21 08:31:07.0625 0956 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/21 08:31:07.0875 0956 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/05/21 08:31:08.0187 0956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/21 08:31:08.0484 0956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/21 08:31:08.0765 0956 PxHelp20 (352cf968df88760fef225c3fbe7184a7) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/05/21 08:31:10.0531 0956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/21 08:31:10.0781 0956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/21 08:31:11.0109 0956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/21 08:31:11.0406 0956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/21 08:31:11.0687 0956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/21 08:31:11.0953 0956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/21 08:31:12.0140 0956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/21 08:31:12.0328 0956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/21 08:31:12.0531 0956 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/21 08:31:12.0937 0956 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/05/21 08:31:13.0312 0956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/21 08:31:13.0765 0956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/21 08:31:14.0140 0956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/21 08:31:14.0484 0956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/21 08:31:15.0031 0956 SiS315 (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/05/21 08:31:15.0359 0956 SiSkp (837d26f79a1647066d75c5c811887475) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/05/21 08:31:15.0656 0956 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/21 08:31:16.0062 0956 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/21 08:31:16.0687 0956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/21 08:31:17.0156 0956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/21 08:31:17.0531 0956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/21 08:31:17.0812 0956 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/21 08:31:18.0078 0956 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/21 08:31:18.0265 0956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/21 08:31:18.0437 0956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/21 08:31:19.0640 0956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/21 08:31:20.0078 0956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/21 08:31:20.0437 0956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/21 08:31:20.0703 0956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/21 08:31:21.0046 0956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/21 08:31:21.0328 0956 tmcomm (0de65bb8cb3452f3043bae8dd0af09f0) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/05/21 08:31:21.0875 0956 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/05/21 08:31:22.0093 0956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/21 08:31:22.0687 0956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/21 08:31:23.0062 0956 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/21 08:31:23.0390 0956 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/21 08:31:23.0656 0956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/21 08:31:23.0953 0956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/21 08:31:24.0343 0956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/21 08:31:24.0671 0956 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/21 08:31:24.0968 0956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/21 08:31:25.0296 0956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/21 08:31:25.0640 0956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/21 08:31:26.0046 0956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/21 08:31:26.0343 0956 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/21 08:31:26.0625 0956 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/21 08:31:26.0890 0956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/21 08:31:27.0093 0956 viagfx (949f86f5a8e493574bbb830c3d18e4a9) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/05/21 08:31:27.0281 0956 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/21 08:31:27.0453 0956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/21 08:31:27.0859 0956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/21 08:31:28.0140 0956 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/21 08:31:28.0593 0956 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/21 08:31:29.0296 0956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/21 08:31:29.0906 0956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/21 08:31:30.0218 0956 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/21 08:31:30.0515 0956 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/21 08:31:30.0937 0956 ================================================================================
2011/05/21 08:31:30.0937 0956 Scan finished
2011/05/21 08:31:30.0937 0956 ================================================================================

ken545
2011-05-21, 16:45
The reg fix that I posted in my first reply should have removed Click.Giftload; scan with Spybot and make sure it's gone.



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

saminblueridge
2011-05-21, 18:30
I reran spybot and it shows that gift.click is still there.

Was the restart the problem?

I'll get the malwarebytes run now... wanted to let you know the spybot s&d results asap.

Sam

Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Right Media: Tracking cookie (Internet Explorer: Family) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-09 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-10 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-05-11 Includes\TrojansC-04.sbi (*)
2011-05-11 Includes\TrojansC-05.sbi (*)
2011-05-11 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

saminblueridge
2011-05-21, 19:12
I ran malwarebytes... As I read the log, I see that it will delete at least one of them on reboot. I'll post the log and then do that.

What next?

Here's the log from malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6634

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/21/2011 12:10:22 PM
mbam-log-2011-05-21 (12-10-22).txt

Scan type: Quick scan
Objects scanned: 183221
Time elapsed: 33 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Delete on reboot.

ken545
2011-05-21, 22:49
Let's do this

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

saminblueridge
2011-05-23, 16:02
It appears that everything is fixed now. I haven't seen the excessive usage of svchost.exe in a few days and the browser is no longer redirecting. I read some of the info on how to avoid getting these kinds of infections, but couldn't really pinpoint anything that had been done.

My daughter did move back from college at the beginning of the month and she and friends have been on the computer a lot, so it may be something they have done... not sure.

Thanks again for your help.

ken545
2011-05-23, 19:05
Your call, but I would run OTL and let me take a final look.

saminblueridge
2011-05-24, 00:36
I apologize... I didn't notice that we were up to a second page of posts and I thought you hadn't replied. I'll re-read your latest and run that as well. Sorry!

ken545
2011-05-24, 00:56
Sam,

Not a problem, we're here to help you, not to hinder you. Go ahead and run OTL and let me make sure there is nothing else to remove.

saminblueridge
2011-05-24, 01:00
I'll put each of the files in the next two posts. During the scan, at one point, a box came up with a red circle and an X in it that said "Windows - No Disk". It also said Exception Processing Message and c0000013 Parameters 75b6bf7c 4 and then repeated the 75b6bf7c a few more times. It had buttons for cancel, try again and continue. Neither the continue nor the try again button did anything... just back to the box, so I hit cancel and then the scan continued.

One other comment... I noticed something about the Windows Image Acquisition service hanging in the extras.txt file. I had some trouble with LOOONG boot times and I think some networking problems as well... a year or more ago, and it seemed that the WIA service was causing the problems. I disabled this in startup... it hasn't seemed to create a problem being disabled since that time and everything seemed to be running right, but I did disable the service. Don't know if that info will help or not, but I thought I'd pass it along.

OTL.txt

OTL logfile created on: 5/23/2011 5:40:12 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.55% Memory free
2.51 Gb Paging File | 1.93 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.70 Gb Total Space | 53.60 Gb Free Space | 49.77% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.84 Gb Free Space | 20.57% Space Free | Partition Type: FAT32

Computer Name: COMPY | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Registry Mechanic\Upgrade.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Microsoft\RATTV3\RATT.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\X-Setup Pro\bin\MSScript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (itlperf) -- File not found
SRV - (Ias) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (6to4) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 08:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 19:21:50 | 000,000,000 | ---D | M]

[2008/09/06 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2011/05/20 22:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions
[2011/01/06 13:40:03 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 11:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/20 22:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/04 20:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/15 23:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/06/04 20:20:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/03 19:40:33 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O4 - HKU\S-1-5-18..\Run: [R8388QA8U8] File not found
O4 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RATT.lnk = C:\Program Files\Microsoft\RATTV3\RATT.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add To Compaq Organize... - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\core.hp.main\SendTo.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119728275187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1119728048812 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/29 19:21:42 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/04/02 04:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2ea44ad2-e1cc-11df-a46a-00038a000015}\Shell\AutoRun\command - "" = H:\rcaDVM_setup.exe
O33 - MountPoints2\{2ea44ad2-e1cc-11df-a46a-00038a000015}\Shell\install\command - "" = H:\rcaDVM_setup.exe
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\AutoRun\command - "" = I:\Autorun.exe /run
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell00\Command - "" = I:\Autorun.exe /run
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell01\Command - "" = I:\Autorun.exe /action
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell02\Command - "" = I:\Autorun.exe /uninstall
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 17:36:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/05/22 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/21 11:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/21 11:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/21 11:35:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/21 08:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\tdsskiller
[2011/05/20 22:37:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Family\Desktop\aswMBR.exe
[2011/05/16 21:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/16 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/16 21:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/16 17:01:22 | 000,000,000 | ---D | C] -- C:\8b70df9cc4eccc2620a90a0c
[2011/05/16 11:23:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Family\Recent
[2011/05/16 08:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Malwarebytes
[2011/05/16 08:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/16 00:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/15 23:28:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/15 23:28:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/15 23:28:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/15 20:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\X-Setup Pro
[2011/05/15 18:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/15 17:46:34 | 008,588,616 | ---- | C] (Mozilla) -- C:\Documents and Settings\Family\Desktop\Firefox.exe
[2011/05/15 09:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/14 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\iPad
[2011/05/14 20:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\IFR PILOT CLUB
[2011/05/14 00:42:03 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/14 00:26:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/14 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/14 00:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/14 00:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/05/12 20:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/12 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 12:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/12 12:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/11 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/11 17:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/11 17:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/05/23 17:36:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/05/23 17:31:08 | 000,001,491 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/23 03:08:48 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 03:08:44 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/23 03:08:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/23 03:08:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/23 03:07:32 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/23 03:05:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 03:19:01 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/05/21 11:35:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 07:59:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\MBR.dat
[2011/05/21 07:30:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 22:38:14 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Family\Desktop\aswMBR.exe
[2011/05/20 22:37:10 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Regfix.reg
[2011/05/20 14:56:26 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Homeschool Tracker Plus.lnk
[2011/05/17 00:29:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/17 00:29:01 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 21:16:37 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\dds.scr
[2011/05/16 21:12:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\ERUNT.lnk
[2011/05/15 22:34:22 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/05/15 18:27:19 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 17:54:13 | 000,101,606 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\setup.jpg
[2011/05/15 17:47:30 | 008,588,616 | ---- | M] (Mozilla) -- C:\Documents and Settings\Family\Desktop\Firefox.exe
[2011/05/14 23:23:28 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/14 22:45:39 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011/05/14 00:42:02 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/14 00:42:00 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/09 16:57:48 | 000,437,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 16:57:48 | 000,069,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 22:07:03 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2011/05/05 12:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/05/21 11:35:06 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 22:39:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\MBR.dat
[2011/05/20 22:37:10 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Regfix.reg
[2011/05/17 00:29:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/17 00:29:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 21:16:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\dds.scr
[2011/05/16 21:12:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\ERUNT.lnk
[2011/05/15 20:00:42 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\X-Setup Pro.lnk
[2011/05/15 18:27:19 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 17:54:12 | 000,101,606 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\setup.jpg
[2011/05/14 23:23:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/14 16:23:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/14 00:26:57 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/11 17:54:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 17:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2011/03/18 11:33:28 | 000,294,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/06 14:02:47 | 000,123,780 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/09 16:46:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/10/17 22:56:46 | 000,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/09/27 17:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/08 18:17:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/28 20:49:53 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/02/28 20:49:53 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/02/28 20:49:53 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2009/02/23 10:05:22 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Eq98.ini
[2009/01/05 18:52:12 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\$_hpcst$.hpc
[2008/11/24 14:29:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\JSUMUpdater.ini
[2008/10/16 07:17:09 | 000,000,053 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/15 19:40:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/12/25 17:07:45 | 000,001,087 | ---- | C] () -- C:\WINDOWS\UnitConverter.INI
[2007/09/10 15:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\notepad.INI
[2007/03/14 16:00:23 | 000,001,092 | ---- | C] () -- C:\WINDOWS\UnitConverter[1].INI
[2007/03/14 15:43:20 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2007/03/14 15:43:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2007/03/14 15:43:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2007/03/14 15:43:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2007/03/14 15:43:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2007/03/14 15:43:19 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2007/03/14 15:43:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2007/03/14 15:43:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2007/03/14 15:43:19 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2007/03/14 15:43:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2007/03/14 15:43:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2007/03/14 15:43:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2007/03/14 15:43:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2007/03/14 15:43:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2007/03/14 15:43:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2007/03/14 15:43:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2007/03/14 15:43:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2007/03/14 15:43:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2007/03/14 15:43:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2007/03/14 15:43:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2007/03/14 15:43:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2007/03/06 00:28:04 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/02 16:03:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/08 13:25:26 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/27 21:07:25 | 000,000,015 | ---- | C] () -- C:\WINDOWS\ACROEXCH.ini
[2005/09/27 12:23:32 | 000,000,496 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/06/03 21:31:33 | 000,000,362 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2005/04/26 18:12:11 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2005/04/26 18:12:11 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2005/02/22 13:58:29 | 000,000,132 | ---- | C] () -- C:\WINDOWS\mediachk.ini
[2005/02/22 13:58:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2005/02/22 13:56:37 | 000,000,550 | ---- | C] () -- C:\WINDOWS\MCOMPOS.INI
[2005/02/22 13:56:37 | 000,000,474 | ---- | C] () -- C:\WINDOWS\MHISTORY.INI
[2005/02/19 21:13:01 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2005/02/12 17:36:40 | 000,000,298 | ---- | C] () -- C:\WINDOWS\pib.ini
[2005/01/04 14:44:39 | 000,000,723 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/12/15 13:44:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb00d1se.INI
[2004/11/24 23:31:45 | 000,000,505 | ---- | C] () -- C:\WINDOWS\label.ini
[2004/11/24 23:31:44 | 000,219,168 | ---- | C] () -- C:\WINDOWS\IMGMAN2.DLL
[2004/11/22 19:51:06 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/22 19:40:28 | 000,000,625 | ---- | C] () -- C:\WINDOWS\QAWRITE.INI
[2004/11/22 19:40:05 | 000,000,289 | ---- | C] () -- C:\WINDOWS\QAWIN.INI
[2004/11/22 10:57:51 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ahd3.ini
[2004/11/18 10:10:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 10:10:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/11/12 20:04:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\MSINSTR.INI
[2004/11/12 20:04:21 | 000,011,264 | ---- | C] () -- C:\WINDOWS\CATSTUB.EXE
[2004/11/06 12:49:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/10/19 15:54:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2004/10/15 23:03:51 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2004/10/15 07:44:03 | 000,001,491 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/10/15 07:44:00 | 000,005,776 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2004/10/14 10:05:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2004/10/14 10:05:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/10/14 10:05:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/10/14 09:56:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/10/14 09:54:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/10/13 21:14:42 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/04/29 19:03:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/04/29 19:03:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/04/29 19:02:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/04/29 19:02:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/29 17:06:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/04/29 17:06:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/04/29 17:06:39 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/04/29 17:06:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/04/29 17:06:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/03 04:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 03:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 03:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 20:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/02 20:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/02 20:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/02 20:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 20:03:59 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66L.exe
[2004/04/02 20:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 20:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 06:01:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 05:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 05:08:00 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/04/02 05:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/04/02 05:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/04/02 05:04:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/04/02 04:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 04:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 04:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 04:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 04:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 04:05:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/02 04:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/02 02:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/02 02:52:18 | 000,437,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/04/02 02:52:18 | 000,069,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/04/01 19:57:08 | 000,005,652 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/01 19:56:18 | 000,567,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/01/24 03:33:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/12 12:59:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\zip.exe
[2003/08/12 12:58:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 12:58:32 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 12:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 12:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/27 13:27:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1997/11/11 02:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/06/27 13:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2004/10/15 22:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2004/10/15 22:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/12/11 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/12 22:12:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/31 13:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2004/12/21 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2008/12/03 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/05/23 03:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/17 00:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomesoft
[2009/07/10 07:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/08 12:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2004/04/02 21:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/01/23 20:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Autodesk
[2009/10/09 16:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Canon
[2011/05/14 21:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Facebook
[2011/01/06 13:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GARMIN
[2010/12/16 14:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Gleim
[2005/09/15 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\InterVideo
[2009/07/26 22:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\IObit
[2004/10/15 20:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Leadertech
[2009/05/05 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Publish Providers
[2004/04/02 21:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\SampleView
[2009/01/05 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Smith Micro
[2009/05/05 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Sony
[2009/05/05 08:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Sony Setup
[2007/03/12 00:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Viewpoint
[2004/04/02 21:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/05/23 03:07:32 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/22 03:19:01 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2011/05/23 03:08:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

saminblueridge
2011-05-24, 01:02
Extras.Txt

OTL Extras logfile created on: 5/23/2011 5:40:12 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.55% Memory free
2.51 Gb Paging File | 1.93 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.70 Gb Total Space | 53.60 Gb Free Space | 49.77% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.84 Gb Free Space | 20.57% Space Free | Partition Type: FAT32

Computer Name: COMPY | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\RingtoneExpress\RingtoneExpress.exe" = C:\Program Files\RingtoneExpress\RingtoneExpress.exe:*:Enabled:RingtoneExpress

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576 -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1127877835\ee\AOLHostManager.exe" = C:\Program Files\Common Files\AOL\1127877835\ee\AOLHostManager.exe:*:Enabled:AOLHostManager -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1127877835\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1127877835\ee\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{2C78229E-69AE-4BE4-8C31-99183EAF2E67}" = e-Sword
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51563D56-0EB4-428E-846C-A29E0CD4467D}" = Homeschool Tracker Plus
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CDF2CA-5F89-4BC8-9556-CF70782CBD17}" = Motorola Phone Tools
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BF0F5955-FC76-4F85-A13D-C9A8A9A5E067}" = iLumina Bible
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C276708C-8773-48FF-B9D3-2CF797C6DB12}" = Homeschool Tracker Plus
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D0F6C165-7D23-4AC5-ACF2-0211C6A3BF64}" = ZIP Reader 8.00.0010
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Akamai" = Akamai NetSession Interface
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"AVIConverter" = AVIConverter 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner (remove only)
"Cessna NAVIII G1000 Trainer v8.20" = Cessna NAVIII G1000 Trainer v8.20
"CleanUp!" = CleanUp!
"comcastDD" = Desktop Doctor
"Destination Direct" = Destination Direct
"DTC DUAT" = DTC DUAT
"DVDPe 2.3_is1" = DVDPe 2.3
"Encyclopaedia Britannica 2005 Deluxe Edition CD-ROM" = Encyclopaedia Britannica 2005 Deluxe Edition CD-ROM
"EQ4" = EQ4
"ERUNT_is1" = ERUNT 1.1j
"FAATPWSUEW411" = Gleim FAA Test Prep 4.11 WebDeploy
"GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
"History Explorer" = History Explorer
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"Java Media Framework 2.1.1c" = Java Media Framework 2.1.1c
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Peterson North American Birds" = Peterson North American Birds
"Quicken Basic 98" = Quicken Basic 98
"RATTV3" = Microsoft Corporation RATTV3
"Registry Mechanic_is1" = Registry Mechanic 8.0
"S3" = VIA/S3G Display Driver
"ServiWin" = ServiWin
"Shockwave" = Shockwave
"Smart Defrag_is1" = Smart Defrag 1.20
"TurboTax 2010" = TurboTax 2010
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2011 8:12:59 AM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/16/2011 9:20:11 PM | Computer Name = COMPY | Source = CSWA | ID = 3
Description =

Error - 5/19/2011 4:14:12 PM | Computer Name = COMPY | Source = CSWA | ID = 3
Description =

Error - 5/20/2011 10:31:34 PM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/20/2011 10:31:34 PM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/20/2011 10:39:12 PM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/20/2011 10:39:12 PM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2011 12:38:19 AM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/21/2011 12:38:19 AM | Computer Name = COMPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2011 10:39:49 PM | Computer Name = COMPY | Source = CSWA | ID = 3
Description =

[ System Events ]
Error - 5/21/2011 12:14:39 PM | Computer Name = COMPY | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1290

Error - 5/21/2011 12:14:39 PM | Computer Name = COMPY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 5/21/2011 12:14:39 PM | Computer Name = COMPY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 5/21/2011 12:14:39 PM | Computer Name = COMPY | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 5/21/2011 12:14:55 PM | Computer Name = COMPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k IntelIde

Error - 5/23/2011 3:05:41 AM | Computer Name = COMPY | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1290

Error - 5/23/2011 3:05:41 AM | Computer Name = COMPY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 5/23/2011 3:05:41 AM | Computer Name = COMPY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 5/23/2011 3:05:41 AM | Computer Name = COMPY | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 5/23/2011 3:07:18 AM | Computer Name = COMPY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >

ken545
2011-05-24, 01:44
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:processes
killallprocesses

:OTL
SRV - (itlperf) -- File not found
SRV - (Ias) -- File not found
O4 - HKU\.DEFAULT..\Run: [R8388QA8U8] File not found
O4 - HKU\S-1-5-18..\Run: [R8388QA8U8] File not found


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

saminblueridge
2011-05-24, 05:24
Here's the log... running the scan again now:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Service itlperf stopped successfully!
Service itlperf deleted successfully!
File File not found not found.
Service Ias stopped successfully!
Service Ias deleted successfully!
File File not found not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\R8388QA8U8 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\R8388QA8U8 not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Family\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Family\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
C:\Documents and Settings\Family\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Family\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Family\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Family\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Family
->Temp folder emptied: 1583891 bytes
->Temporary Internet Files folder emptied: 61291985 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98032525 bytes
->Flash cache emptied: 7462 bytes

User: LocalService
->Temp folder emptied: 448 bytes
->Temporary Internet Files folder emptied: 13207345 bytes
->Java cache emptied: 836 bytes
->Flash cache emptied: 18907 bytes

User: NetworkService
->Temp folder emptied: 10272 bytes
->Temporary Internet Files folder emptied: 320420132 bytes
->Java cache emptied: 2273 bytes
->Flash cache emptied: 38254 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 300 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 631018 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23938404 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 402 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 495.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05232011_221008

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_758.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat not found!

Registry entries deleted on Reboot...

ken545
2011-05-24, 11:15
:bigthumb:

Everything running ok ?

saminblueridge
2011-05-24, 14:18
I had already downloaded and ran ERUNT before starting this, as part of the "before you post" instructions, so I just ran it again before starting this latest procedure.

When I ran the scan again after posting the "fix" log, it stopped and gave that box with all the numbers again. It took several times of hitting several buttons before it continued with the scan.

Also, since I had just re-booted, a few windows opened up on their own during the scan... things that bug me during reboot, like Compaq connections and such. Hope that didn't throw things off.

Here's the log from the latest scan:

OTL logfile created on: 5/23/2011 10:25:48 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.47% Memory free
2.51 Gb Paging File | 1.94 Gb Available in Paging File | 77.48% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.70 Gb Total Space | 54.10 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.84 Gb Free Space | 20.57% Space Free | Partition Type: FAT32

Computer Name: COMPY | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Microsoft\RATTV3\RATT.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\AOL\ACS\WLHook.dll (America Online)
MOD - C:\Program Files\X-Setup Pro\bin\MSScript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (6to4) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 08:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 19:21:50 | 000,000,000 | ---D | M]

[2008/09/06 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2011/05/23 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions
[2011/01/06 13:40:03 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 11:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/23 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/04 20:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/15 23:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/06/04 20:20:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/03 19:40:33 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2011/05/23 22:10:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RATT.lnk = C:\Program Files\Microsoft\RATTV3\RATT.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add To Compaq Organize... - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\core.hp.main\SendTo.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119728275187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1119728048812 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/29 19:21:42 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/04/02 04:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2ea44ad2-e1cc-11df-a46a-00038a000015}\Shell\AutoRun\command - "" = H:\rcaDVM_setup.exe
O33 - MountPoints2\{2ea44ad2-e1cc-11df-a46a-00038a000015}\Shell\install\command - "" = H:\rcaDVM_setup.exe
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\AutoRun\command - "" = I:\Autorun.exe /run
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell00\Command - "" = I:\Autorun.exe /run
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell01\Command - "" = I:\Autorun.exe /action
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell02\Command - "" = I:\Autorun.exe /uninstall
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 22:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 17:36:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/05/22 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/21 11:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/21 11:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/21 11:35:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/21 08:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\tdsskiller
[2011/05/20 22:37:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Family\Desktop\aswMBR.exe
[2011/05/16 21:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/16 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/16 21:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/16 17:01:22 | 000,000,000 | ---D | C] -- C:\8b70df9cc4eccc2620a90a0c
[2011/05/16 11:23:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Family\Recent
[2011/05/16 08:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Malwarebytes
[2011/05/16 08:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/16 00:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/15 23:28:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/15 23:28:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/15 23:28:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/15 20:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\X-Setup Pro
[2011/05/15 18:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/15 17:46:34 | 008,588,616 | ---- | C] (Mozilla) -- C:\Documents and Settings\Family\Desktop\Firefox.exe
[2011/05/15 09:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/14 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\iPad
[2011/05/14 20:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\IFR PILOT CLUB
[2011/05/14 00:42:03 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/14 00:26:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/14 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/14 00:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/14 00:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/05/12 20:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/12 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 12:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/12 12:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/11 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/11 17:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/11 17:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/05/23 22:20:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/23 22:20:07 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 22:20:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/23 22:20:03 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/23 22:19:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/23 22:17:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 22:10:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/23 17:36:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/05/23 17:31:08 | 000,001,491 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/22 03:19:01 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/05/21 11:35:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 07:59:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\MBR.dat
[2011/05/21 07:30:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 22:38:14 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Family\Desktop\aswMBR.exe
[2011/05/20 22:37:10 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Regfix.reg
[2011/05/20 14:56:26 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Homeschool Tracker Plus.lnk
[2011/05/17 00:29:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/17 00:29:01 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 21:16:37 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\dds.scr
[2011/05/16 21:12:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\ERUNT.lnk
[2011/05/15 22:34:22 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/05/15 18:27:19 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 17:54:13 | 000,101,606 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\setup.jpg
[2011/05/15 17:47:30 | 008,588,616 | ---- | M] (Mozilla) -- C:\Documents and Settings\Family\Desktop\Firefox.exe
[2011/05/14 23:23:28 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/14 22:45:39 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011/05/14 00:42:02 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/14 00:42:00 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/09 16:57:48 | 000,437,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 16:57:48 | 000,069,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 22:07:03 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2011/05/05 12:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/05/21 11:35:06 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 22:39:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\MBR.dat
[2011/05/20 22:37:10 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Regfix.reg
[2011/05/17 00:29:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/17 00:29:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 21:16:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\dds.scr
[2011/05/16 21:12:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\ERUNT.lnk
[2011/05/15 20:00:42 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\X-Setup Pro.lnk
[2011/05/15 18:27:19 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 17:54:12 | 000,101,606 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\setup.jpg
[2011/05/14 23:23:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/14 16:23:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/14 00:26:57 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/11 17:54:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 17:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2011/03/18 11:33:28 | 000,294,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/06 14:02:47 | 000,123,780 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/09 16:46:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/10/17 22:56:46 | 000,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/09/27 17:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/08 18:17:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/28 20:49:53 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/02/28 20:49:53 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/02/28 20:49:53 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2009/02/23 10:05:22 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Eq98.ini
[2009/01/05 18:52:12 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\$_hpcst$.hpc
[2008/11/24 14:29:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\JSUMUpdater.ini
[2008/10/16 07:17:09 | 000,000,053 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/15 19:40:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/12/25 17:07:45 | 000,001,087 | ---- | C] () -- C:\WINDOWS\UnitConverter.INI
[2007/09/10 15:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\notepad.INI
[2007/03/14 16:00:23 | 000,001,092 | ---- | C] () -- C:\WINDOWS\UnitConverter[1].INI
[2007/03/14 15:43:20 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2007/03/14 15:43:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2007/03/14 15:43:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2007/03/14 15:43:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2007/03/14 15:43:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2007/03/14 15:43:19 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2007/03/14 15:43:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2007/03/14 15:43:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2007/03/14 15:43:19 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2007/03/14 15:43:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2007/03/14 15:43:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2007/03/14 15:43:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2007/03/14 15:43:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2007/03/14 15:43:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2007/03/14 15:43:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2007/03/14 15:43:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2007/03/14 15:43:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2007/03/14 15:43:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2007/03/14 15:43:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2007/03/14 15:43:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2007/03/14 15:43:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2007/03/06 00:28:04 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/02 16:03:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/08 13:25:26 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/27 21:07:25 | 000,000,015 | ---- | C] () -- C:\WINDOWS\ACROEXCH.ini
[2005/09/27 12:23:32 | 000,000,496 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/06/03 21:31:33 | 000,000,362 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2005/04/26 18:12:11 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2005/04/26 18:12:11 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2005/02/22 13:58:29 | 000,000,132 | ---- | C] () -- C:\WINDOWS\mediachk.ini
[2005/02/22 13:58:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2005/02/22 13:56:37 | 000,000,550 | ---- | C] () -- C:\WINDOWS\MCOMPOS.INI
[2005/02/22 13:56:37 | 000,000,474 | ---- | C] () -- C:\WINDOWS\MHISTORY.INI
[2005/02/19 21:13:01 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2005/02/12 17:36:40 | 000,000,298 | ---- | C] () -- C:\WINDOWS\pib.ini
[2005/01/04 14:44:39 | 000,000,723 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/12/15 13:44:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb00d1se.INI
[2004/11/24 23:31:45 | 000,000,505 | ---- | C] () -- C:\WINDOWS\label.ini
[2004/11/24 23:31:44 | 000,219,168 | ---- | C] () -- C:\WINDOWS\IMGMAN2.DLL
[2004/11/22 19:51:06 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/22 19:40:28 | 000,000,625 | ---- | C] () -- C:\WINDOWS\QAWRITE.INI
[2004/11/22 19:40:05 | 000,000,289 | ---- | C] () -- C:\WINDOWS\QAWIN.INI
[2004/11/22 10:57:51 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ahd3.ini
[2004/11/18 10:10:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 10:10:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/11/12 20:04:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\MSINSTR.INI
[2004/11/12 20:04:21 | 000,011,264 | ---- | C] () -- C:\WINDOWS\CATSTUB.EXE
[2004/11/06 12:49:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/10/19 15:54:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2004/10/15 23:03:51 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2004/10/15 07:44:03 | 000,001,491 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/10/15 07:44:00 | 000,005,776 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2004/10/14 10:05:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2004/10/14 10:05:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/10/14 10:05:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/10/14 09:56:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/10/14 09:54:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/10/13 21:14:42 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/04/29 19:03:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/04/29 19:03:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/04/29 19:02:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/04/29 19:02:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/29 17:06:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/04/29 17:06:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/04/29 17:06:39 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/04/29 17:06:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/04/29 17:06:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/03 04:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 03:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 03:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 20:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/02 20:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/02 20:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/02 20:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 20:03:59 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66L.exe
[2004/04/02 20:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 20:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 06:01:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 05:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 05:08:00 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/04/02 05:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/04/02 05:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/04/02 05:04:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/04/02 04:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 04:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 04:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 04:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 04:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 04:05:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/02 04:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/02 02:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/02 02:52:18 | 000,437,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/04/02 02:52:18 | 000,069,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/04/01 19:57:08 | 000,005,652 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/01 19:56:18 | 000,567,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/01/24 03:33:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/12 12:59:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\zip.exe
[2003/08/12 12:58:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 12:58:32 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 12:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 12:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/27 13:27:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1997/11/11 02:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

saminblueridge
2011-05-24, 14:24
Oh, and yes, everything seems to be running fine. I know you don't have time for a tutorial, since you are busy helping others, but I'm curious to understand more in the logs I'm reading and to really understand more of what we are doing. Any good, clear explanations on the web?

ken545
2011-05-24, 19:38
Well, kind of hard to explain it all, I have about 8 years of this in my head. If you look at the initial DDS log you posted, at the bottom under ROOTKIT, that pretty much told me what the main problem was. After a while you can sort of pick out the bad files and they may lead you to another infection that has to be dealt with. All the info I have is on the malware forums and they're not accessible to the public, reason being the bad guys read these forums to see what we are up to in the cleaning and then try to throw a monkey wrench into it; it's a never-ending game of cat and mouse.


Let's update your Java to make your system more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 25, if not proceed with the instructions.

Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.

Java SE Runtime Environment (JRE) JRE 6 Update 25 <-- The wording is confusing but this is what you need


Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version

You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)




System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.





Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken
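The restore-point steps above (create a fresh point, then clear the old ones with cleanmgr) can be checked from PowerShell. This is an added example, not code from the thread or from any of the tools it mentions; the description string "Post-cleanup baseline" is my own choice. It creates a named restore point with Checkpoint-Computer, reads it back to confirm it exists, and lists whatever restore points remain so you can see that the cleanmgr step actually removed the older ones. Run it from an elevated prompt with System Restore enabled on the drive; on Windows XP this needs PowerShell 2.0 installed, and on Windows 8 and later Checkpoint-Computer will only create one point per 24 hours.

```powershell
# Added example (not from the thread): create a named restore point on the
# cleaned system, confirm it was written, and list the points that remain.

function New-CleanRestorePoint {
    param([string]$Description = 'Post-cleanup baseline')   # assumed name
    # MODIFY_SETTINGS is one of the documented RestorePointType values.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    # Read it back: the newest point carrying our description is the one just made.
    Get-ComputerRestorePoint |
        Where-Object { $_.Description -eq $Description } |
        Sort-Object SequenceNumber |
        Select-Object -Last 1
}

function Show-RestorePoints {
    # After the cleanmgr "System Restore" clean-up only the newest point should be left.
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber |
        ForEach-Object {
            # CreationTime is a WMI datetime string (yyyymmddHHMMSS.ffffff-zzz).
            $t = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            '{0,4}  {1:yyyy-MM-dd HH:mm}  {2}' -f $_.SequenceNumber, $t, $_.Description
        }
}

$created = New-CleanRestorePoint
if ($created) {
    'Created restore point #{0}: {1}' -f $created.SequenceNumber, $created.Description
} else {
    'Restore point was not created; check that System Restore is enabled for C:\ (Enable-ComputerRestore -Drive "C:\").'
}
Show-RestorePoints
```

Run Show-RestorePoints again after the cleanmgr step; if older sequence numbers are still listed, the "Clean up..." button in the System Restore box was not applied to that drive.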

saminblueridge
2011-05-24, 21:28
I have version 6, update 25 already installed, but I have some of the older ones as well. A few questions... I assume I should still delete all of the older versions? Should I delete only older versions, or both older versions and older updates? I was going to paste a screen shot of the various versions and updates of Java I have installed, but I can't seem to get it to paste in.

Basically, I've got:
Java Media Framework 2.1.1c
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SEv1.4.2_06
Java(TM)6 Update 2
Java(TM)6 Update 25
Java(TM)6 Update 3
Java(TM)6 Update 5
Java(TM)6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

I'm thinking I should remove all except possibly the Media Framework and Vers. 6 Update 25, since there are multitudes of updates that appear missing. Bad or incomplete removal on installation?

And, I'll wait to hear back from you before messing with the system restore... just in case I need to do the Java stuff first.

Thanks for the links. I like to have at least a little bit of understanding of what I'm doing!

ken545
2011-05-25, 01:11
Go ahead and uninstall these; my understanding with the new updates is that it will scan your system and remove old versions. Can't hurt to leave them, but they're taking up disk space on your hard drive.


Java(TM)6 Update 3
Java(TM)6 Update 5
Java(TM)6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SEv1.4.2_06

Let me know how it went and how your system is doing?
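Both the "uninstall any previous versions of Java" instruction earlier in the thread and the list of entries to remove in the post above come down to the same check: which Java runtimes does Add/Remove Programs still know about, and which of them is the newest. The script below is an added example, not code from the thread; it reads the Uninstall registry keys that Add/Remove Programs is built from, keeps the entries that are Java runtimes (Java Media Framework is left alone, as the poster intended), and marks everything older than the newest one as a removal candidate. The function name Get-InstalledJavaRuntime and the name filter are my own. Old Sun/Oracle JREs are a common exploitation vector once the current version is installed, so the point is to confirm that no older runtime is left behind.

```powershell
# Added example (not from the thread): inventory Java runtimes from the
# Add/Remove Programs registry keys and flag every entry older than the newest.
# Works in PowerShell 2.0 (XP) and later; run from an elevated prompt.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # absent on 32-bit XP
)

function Get-InstalledJavaRuntime {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Runtime Environment|Java\(TM\)' } |
        ForEach-Object {
            # Sun/Oracle JRE entries carry DisplayVersion such as "6.0.250" (6 Update 25)
            # or "1.5.0.100" (5.0 Update 10). Strings that do not parse (e.g. the
            # 1.4.2_06 style) sort as 0.0 and are therefore flagged for review.
            $v = [Version]'0.0'
            try { $v = [Version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Name            = $_.DisplayName
                Version         = $v
                UninstallString = $_.UninstallString
            }
        }
}

$java = @(Get-InstalledJavaRuntime | Sort-Object Version -Descending)
if ($java.Count -eq 0) {
    'No Java runtime entries found in Add/Remove Programs.'
    return
}

$newest = $java[0].Version
$java | ForEach-Object {
    $tag = if ($_.Version -lt $newest) { 'STALE - uninstall' } else { 'current' }
    '{0,-18} {1,-45} {2}' -f $tag, $_.Name, $_.Version
    if ($_.Version -lt $newest) {
        # Show the uninstall command Add/Remove Programs would run, so the entry
        # can be checked (a Java product should uninstall through msiexec).
        '                   uninstall: {0}' -f $_.UninstallString
    }
}
```

Entries tagged STALE correspond to the list above (Update 3, 5, 7, 6 Update 1, 5.0 Update 10 and 1.4.2_06 on this machine); remove them through Add/Remove Programs as the post describes, then re-run the script to confirm only the current runtime remains.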

saminblueridge
2011-05-25, 06:29
I removed the old Java versions, set a new restore point and cleaned off all the old points. Used the OTL cleanup as well.

The computer seems to be doing great. I haven't experienced any re-directs on Firefox and a quick look at task manager doesn't show any resources being hogged by svchost.exe.... seems to be operating at a decent speed. The CPU Usage History tends to spike high on the performance tab when I do just about anything, but I don't look at it while I'm doing tasks that much, so I suppose it might be fairly common.

I'll let it run all night to be sure, but it looked in good shape after running the past few nights. Before, the memory usage on one of the svchost files would be sky high and it was acting real doggy.

All of this happened, probably quite by coincidence, about the time I let Firefox upgrade to version 4.xx. One of the first things I did was to delete it and install a previous version. The new version seemed to run so much slower. I guess I shouldn't have taken that panic move!

I'm curious about boot up speed now... Might see how that goes... and I guess it's okay to leave the Windows Image Acquisition service off at startup?

Thanks again for the links.

Sam

ken545
2011-05-25, 11:33
Good Morning,

I just installed Firefox 4 about a week ago and it's running a bit faster than the previous version.

May want to read this
http://msdn.microsoft.com/en-us/library/ms630368(v=vs.85).aspx


If you need help with that you can post here
http://forums.whatthetech.com/index.php?showforum=119


Use your computer for a few days and post back and let me know how it's going

saminblueridge
2011-05-25, 14:18
Use your computer for a few days and post back and let me know how it's going

Thanks. I'll do that.

saminblueridge
2011-05-27, 06:38
Everything seems to be working normally. Thank you again for all the help... clear instructions and patience.

Sam

ken545
2011-05-27, 12:50
You're very welcome Sam

Take care,

Ken :)