root kit

2011-08-10, 01:50
My computer has been running slow. I have been using Little Registry Cleaner and Disk Cleanup almost every day. Then I downloaded the new Spybot and did a rootkit scan. The only fix shown was to delete them, so I hit delete and it said it could crash. I did not delete. While I was reading "before you start", my computer shut down and restarted. I lost my defrag and disk cleanup. I even tried the program search for them; no record found. Then I downloaded ERUNT, backed up my registry, then downloaded DDS and could not get a log. So what do I do now? Thank you.

2011-08-14, 10:52

What happens when you try to run dds?

2011-08-15, 18:22
When I run DDS it looks like it's running, then it looks like it's going down to my taskbar. I don't get anything in Notepad.

2011-08-15, 23:37

Please download and run this (http://download.bleepingcomputer.com/sUBs/Beta/dds.exe) (with default settings). If it still fails try in safe mode.

2011-08-16, 20:00
Hi. I downloaded dds.exe and ran it. It took me to a red page. The text box came up, DDS settings. I hit OK, it blinks up a text box, then brings me back here.
I tried it on scan; it went down to my toolbar, said it was running for 1.5 min, then just goes away and stops. I also tried it in safe mode, got the result

2011-08-16, 20:22
I also tried it in safe mode, got the result
I assume you mean that DDS failed to work in safe mode too.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

2011-08-16, 21:01
OTL logfile created on: 8/16/2011 10:42:21 AM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Dk & TJ\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.26% Memory free
3.99 Gb Paging File | 2.82 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 361.95 Gb Total Space | 265.61 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.18 Gb Free Space | 29.78% Space Free | Partition Type: NTFS

Computer Name: STORE | User Name: Dk & TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dk & TJ\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.Web.Services2\\Microsoft.Web.Services2.dll ()
MOD - C:\Program Files\Spare Backup\System.Data.SQLite.DLL ()
MOD - C:\Program Files\Spare Backup\UberCrypto.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDWSCService) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://redding.craigslist.org/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dd7e153&v="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dk & TJ\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/10 09:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/04 08:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 17:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 17:17:10 | 000,000,000 | ---D | M]

[2009/05/14 07:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Extensions
[2011/08/15 16:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions
[2008/05/21 15:54:11 | 000,000,000 | ---D | M] (glowyred) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{0e4e4920-1412-11db-ac5d-0800200c9a66}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/18 07:30:00 | 000,000,000 | ---D | M] (BloodFire) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Foxkeh Theme) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/26 09:02:48 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2009/05/14 07:34:27 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2008/05/21 15:53:35 | 000,000,000 | ---D | M] ("glowyblue") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2008/05/18 07:33:27 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2008/05/21 15:51:03 | 000,000,000 | ---D | M] ("glowygreen") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{a909b230-17c6-11db-ac5d-0800200c9a66}
[2008/05/21 15:57:09 | 000,000,000 | ---D | M] (rubyFox) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2008/05/21 15:53:59 | 000,000,000 | ---D | M] ("glowygold") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{ba264dc0-3752-11db-a98b-0800200c9a66}
[2009/08/17 08:25:31 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Miint) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2010/07/26 09:02:52 | 000,000,000 | ---D | M] (Scribblies Brite) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}
[2008/05/21 15:54:22 | 000,000,000 | ---D | M] ("glowywine") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{f9e9aa30-1842-11db-ac5d-0800200c9a66}
[2011/03/28 09:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\yyginstantplay@yoyogames.com-trash
[2008/02/06 11:02:12 | 000,001,878 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\aolsearch.xml
[2010/09/27 10:23:51 | 000,001,196 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\winamp-search.xml
[2011/06/15 09:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 09:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 08:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 08:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/15 09:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/04 08:46:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/10 09:44:53 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/08 16:34:42 | 000,436,209 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15020 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\Users\DK&TJ~1\AppData\Local\Temp\dwm.exe) - File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKCU Winlogon: Shell - (C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\shell.exe) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2047d8c1-ffc9-11df-bdc3-001c256863d4}\Shell - "" = AutoRun
O33 - MountPoints2\{2047d8c1-ffc9-11df-bdc3-001c256863d4}\Shell\AutoRun\command - "" = L:\TL-Bootstrap.exe
O33 - MountPoints2\{8213ce80-52af-11df-9753-001c256863d4}\Shell - "" = AutoRun
O33 - MountPoints2\{8213ce80-52af-11df-9753-001c256863d4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{b9be25ee-b28e-11de-a8e1-001c256863d4}\Shell - "" = AutoRun
O33 - MountPoints2\{b9be25ee-b28e-11de-a8e1-001c256863d4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{cf017fb9-2136-11df-9c2e-001c256863d4}\Shell - "" = AutoRun
O33 - MountPoints2\{cf017fb9-2136-11df-9c2e-001c256863d4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{f0b1d035-19ad-11e0-b613-001c256863d4}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b1d035-19ad-11e0-b613-001c256863d4}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 03:15:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 03:15:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 03:15:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 03:15:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 03:14:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:53:16 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:52:59 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:52:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 09:46:41 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2011/08/10 08:54:31 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/08/09 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/08/09 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2011/08/09 13:51:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 13:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/09 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/28 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Roaming\FileZilla
[2011/07/28 10:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/07/28 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

========== Files - Modified Within 30 Days ==========

[2011/08/16 09:28:59 | 128,246,709 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/16 09:25:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 09:25:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 09:25:43 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/16 09:25:39 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/16 09:25:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 08:58:42 | 000,334,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/15 21:00:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/15 18:02:46 | 000,000,129 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences2.dat
[2011/08/15 18:02:46 | 000,000,046 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences.dat
[2011/08/14 12:49:06 | 000,013,806 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2011/08/12 13:30:29 | 000,026,112 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\bof and outside inventory.xlr
[2011/08/11 03:03:47 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 03:03:47 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/10 12:27:09 | 008,586,406 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:47 | 000,354,534 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/09 09:39:01 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:14 | 001,378,552 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:09:48 | 000,073,728 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 15:06:50 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinVd32.sys
[2011/07/21 19:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 19:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 19:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 19:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 19:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/21 17:43:44 | 000,369,194 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2011/08/10 12:27:09 | 008,586,406 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:46 | 000,354,534 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:12 | 001,378,552 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:06:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2011/06/28 14:54:45 | 000,000,172 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/06/28 14:53:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/10/01 16:00:41 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/09/17 02:14:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:14:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/08 10:51:24 | 000,000,680 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\d3d9caps.dat
[2009/05/14 09:23:24 | 000,000,095 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\fusioncache.dat
[2009/04/26 03:16:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/23 16:20:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/05/23 16:20:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/05/23 16:20:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/02/06 09:54:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/05 01:48:16 | 000,073,728 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 01:43:14 | 000,013,806 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,334,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:52B72A7C

< End of report >
OTL Extras logfile created on: 8/16/2011 10:42:21 AM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Dk & TJ\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.26% Memory free
3.99 Gb Paging File | 2.82 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 361.95 Gb Total Space | 265.61 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.18 Gb Free Space | 29.78% Space Free | Partition Type: NTFS

Computer Name: STORE | User Name: Dk & TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

"DisableNotifications" = 0
"EnableFirewall" = 1

"DisableNotifications" = 0
"EnableFirewall" = 1

"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

"{0F2B9C2F-22D3-4817-B20E-47EA3A8A63F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{12020F0B-15D3-4363-9B57-763BAD4304AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{141B31B8-D7DE-4C5B-8850-DA5CF18F09A1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1B69D257-42D5-4E61-AFAD-2A493D2A51B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{2063FDA2-ED85-42CA-B98B-688271F998A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F4FC01A-9806-47D6-9924-B129247BFE17}" = lport=445 | protocol=6 | dir=in | app=system |
"{654DB90B-DCDA-4958-B6CF-C1B2FE39EAD8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7A0D4531-7AD4-4BAF-9F89-438371C88051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89BB62D9-E187-458B-9B36-7D12DAF7BD80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CF7FD82-F3A0-4745-B442-4911D39AC8C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{90B70C0F-D054-4E63-B3FF-D3B858A6113C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0276F5E-C0EF-4D9A-9302-31ACB05A3C5D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A08B9C6D-D36C-476E-8954-22CA40FDFCD0}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6BB4335-5AD5-4221-8259-8FF95DE325F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C010DF87-A177-4DA1-B907-E8E51DF7C18C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C090AF7C-3E23-4C70-B7AF-E5817DEEFF3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6CB8361-37D8-4E16-AB0F-0657006DFD91}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D76B6829-F225-48CC-BB6B-DE19BB877255}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE2F2EBD-CC12-4353-82F2-9C828D859608}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

"{0555FC82-B899-4252-A43C-18AA73C58A26}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A2828E5-5240-4C75-9092-69C9AD2A2175}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1298887F-8657-49FA-A236-E8C376FED8AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{28C0AF2A-F612-4E1B-BD63-7B32FC1783B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{28E507A9-8FE1-4CA1-9F56-72DE0A098A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{29669B19-1EE6-4F33-84E8-70576E234CFF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2A44FEEA-DA7B-4446-8406-562A3FCC93DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2BDD266F-8383-44FC-AE71-F87E3C488023}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40D6ACF2-8BFC-4A2D-98B9-428F469F5595}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{433099B4-1079-4BD1-AE05-76E952901369}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F3AC5FA-35BF-46EE-A55F-8A0B3587142A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5423005E-5862-4BE5-AE9E-5D19A05E8AF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E5B62C0-0FD8-4EA0-BF3B-2956D07D3346}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{5F73947C-D4C8-4235-8D19-8381CD468618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F9E8CEA-8C2C-4991-980E-072527878B90}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6861781E-54E5-466E-BDCD-BC70D218FF77}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6EC0CA15-A6B7-4F2F-9E5A-2D423C3A03A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{704CCA4A-439E-4CDB-97B3-CA0C32DE032C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72C568D6-EFA2-4E62-8855-B912E0825E44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CA6AA9F-3C7E-46EF-9A45-7A4BA5CD1B29}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8D5C9867-86A4-42FC-B7B3-B68F99172729}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99065B80-27B4-4030-95C6-E6F96860A121}" = protocol=6 | dir=out | app=system |
"{9E1F4906-D35E-423B-84AC-7D2BF28AA8A4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A8C9F26B-BE1E-4197-A50B-D55CAB009E56}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{AF6B8A82-E30A-4286-9489-077A5A68B532}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B66914E2-A5E3-4342-B2D4-AC8F8B3E8D87}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE8FACC8-3AAA-4A01-88A3-F50F43D3E22A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CA7D2778-C779-4CF1-822E-C92BE0E4BAD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CE3CCC9C-ABDF-4D72-9702-B4153FA514FF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D7531AD6-68C2-43B0-8E87-FF2E54D7BCA7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DE761225-628D-47D2-9228-FEF1BFC23804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED5D34AA-A97A-413F-A414-A6E8FEB10C8D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2A09D9F9-BB4A-4849-B4C0-38445C93B9C0}C:\program files\spybot - search & destroy 2\sdtray.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdtray.exe |
"UDP Query User{DC190AFA-7CB0-47AD-95A8-25F6360EAC22}C:\program files\spybot - search & destroy 2\sdtray.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdtray.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{341A5362-88DB-484B-97A6-A57F535074CA}_is1" = Spybot-S&D Distributed Testing Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Alexey's Dwice_is1" = Alexey's Dwice version 1.0
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ERUNT_is1" = ERUNT 1.1j
"Family Tree Builder" = MyHeritage Family Tree Builder
"FileZilla Client" = FileZilla Client 3.5.0
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Little Registry Cleaner" = Little Registry Cleaner
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA Drivers" = NVIDIA Drivers
"Royal RegisterLink" = Royal RegisterLink
"WildTangent emachines Master Uninstall" = eMachines Games

========== HKEY_CURRENT_USER Uninstall List ==========

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2011 12:36:55 PM | Computer Name = Store | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version, time
stamp 0x4df86355, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc0000005, fault offset 0x00048822, process id 0xd3c,
application start time 0x01cc4f170c2141d0.

Error - 8/3/2011 5:44:52 PM | Computer Name = Store | Source = Application Hang | ID = 1002
Description = The program qbw32.exe version 16.0.4003.513 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12f0 Start Time: 01cc51f405c972a0 Termination Time: 844

Error - 8/3/2011 5:54:56 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/3/2011 5:56:13 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/4/2011 5:54:32 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/4/2011 5:55:40 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/6/2011 7:23:18 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/6/2011 7:24:14 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/7/2011 3:34:32 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

Error - 8/7/2011 3:35:34 PM | Computer Name = Store | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 6/9/2009 11:53:14 AM | Computer Name = Jane | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/3/2009 9:59:44 PM | Computer Name = Jane | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:48:12 PM | Computer Name = Jane | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:32:46 PM | Computer Name = Jane | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 8:35:54 PM | Computer Name = Store | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

2011-08-17, 07:32

Please visit this webpage for download links, and instructions for running ComboFix tool:


Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

New dds log (if the tool runs otherwise fresh OTL.txt).

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

2011-08-17, 21:47
Hi, I ran ComboFix and tried to run the DDS log but still could not get that, so I am giving you the ComboFix log report.
ComboFix 11-08-17.02 - Dk & TJ 08/17/2011 10:54:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1919.1010 [GMT -7:00]
Running from: c:\users\Dk & TJ\Downloads\ComboFix.exe
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
---- Previous Run -------
-- Previous Run --
c:\windows\system32\userinit.exe . . . is infected!!
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
2011-08-17 18:07 . 2011-08-17 18:08 -------- d-----w- c:\users\Dk & TJ\AppData\Local\temp
2011-08-17 18:07 . 2011-08-17 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-11 10:15 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 10:15 . 2011-07-22 03:00 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-08-11 10:15 . 2011-07-22 02:46 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-08-11 10:15 . 2011-07-22 02:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-08-11 10:15 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-08-11 00:53 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 00:53 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 00:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 00:52 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 00:52 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 00:52 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 16:46 . 2011-08-10 16:46 -------- d-----w- C:\SpybotBootCD
2011-08-10 15:54 . 2011-08-10 15:54 -------- d-----w- C:\ProcAlyzer Dumps
2011-08-10 00:23 . 2011-08-10 00:23 -------- d-----w- c:\program files\SDistTest
2011-08-09 20:49 . 2011-08-09 20:49 -------- d-----w- c:\program files\ERUNT
2011-07-28 17:54 . 2011-07-29 02:08 -------- d-----w- c:\users\Dk & TJ\AppData\Roaming\FileZilla
2011-07-28 17:53 . 2011-07-28 17:54 -------- d-----w- c:\program files\FileZilla FTP Client
2011-07-25 22:06 . 2011-07-25 22:06 180224 ----a-w- c:\windows\system32\WinVd32.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-07-03 17:12 . 2011-07-03 17:12 161792 ----a-w- c:\windows\system32\msls31.dll
2011-07-03 17:12 . 2011-07-03 17:12 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-03 17:12 . 2011-07-03 17:12 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-07-03 17:12 . 2011-07-03 17:12 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-07-03 17:12 . 2011-07-03 17:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-03 17:12 . 2011-07-03 17:12 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-07-03 17:12 . 2011-07-03 17:12 367104 ----a-w- c:\windows\system32\html.iec
2011-07-03 17:12 . 2011-07-03 17:12 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-07-03 17:12 . 2011-07-03 17:12 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-03 17:12 . 2011-07-03 17:12 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-03 17:12 . 2011-07-03 17:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-07-03 17:12 . 2011-07-03 17:12 152064 ----a-w- c:\windows\system32\wextract.exe
2011-07-03 17:12 . 2011-07-03 17:12 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-07-03 17:12 . 2011-07-03 17:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-03 17:12 . 2011-07-03 17:12 11776 ----a-w- c:\windows\system32\mshta.exe
2011-07-03 17:12 . 2011-07-03 17:12 101888 ----a-w- c:\windows\system32\admparse.dll
2011-07-03 17:12 . 2011-07-03 17:12 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-07-03 17:12 . 2011-07-03 17:12 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-29 15:55 . 2011-06-15 00:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 21:23 . 2011-06-21 21:23 389136 ----a-w- c:\windows\system32\FTBSaver.scr
2011-06-02 13:34 . 2011-07-13 04:29 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-12 05:57 . 2011-08-17 17:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 225280]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV&inst=NzctNjMxNjY2MzYyLUJBKzEtS1YzKzctWEwrMS1UMS1VQ0FMTCsxLUJBUjhHKzEtVUNBTEwyKzItVEI4KzItRkwrOC1GOE0xMUMrMS1VUEcrMjAxMS1GTDEwKzEtVFVHKzMtTElDKzk5LVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw&prod=90&ver=10.0.1392" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
c:\users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Contents of the 'Scheduled Tasks' folder
------- Supplementary Scan -------
uStart Page = hxxp://msn.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{2191638E-8B70-4175-B316-EF3EA1098A5F}: NameServer =,
FF - ProfilePath - c:\users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://redding.craigslist.org/
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.homepage.dontask - true
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 11:08
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
Completion time: 2011-08-17 11:18:29
ComboFix-quarantined-files.txt 2011-08-17 18:18
Pre-Run: 287,877,177,344 bytes free
Post-Run: 286,840,553,472 bytes free
- - End Of File - - 658612331A9DB6368AAF7AABA46E7EB4

2011-08-17, 23:18

Upload c:\windows\system32\userinit.exe file to http://www.virustotal.com (select reanalyse if prompted) and post back a link to the results. Post also fresh OTL.txt log.

2011-08-18, 19:23
Hi, I ran VirusTotal. Here is the report and a fresh OTL. Thank you.
1 VT Community user(s) with a total of 8195 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Submission date: 2011-08-18 15:16:53 (UTC)
Current status: 0/44 (0.0%)

Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.08.18.00 2011.08.18 -
AntiVir 2011.08.18 -
Antiy-AVL 2011.08.18 -
Avast 4.8.1351.0 2011.08.18 -
Avast5 5.0.677.0 2011.08.18 -
AVG 2011.08.18 -
BitDefender 7.2 2011.08.18 -
ByteHero 2011.08.18 -
CAT-QuickHeal 11.00 2011.08.18 -
ClamAV 2011.08.18 -
Commtouch 2011.08.18 -
Comodo 9790 2011.08.18 -
DrWeb 2011.08.18 -
Emsisoft 2011.08.18 -
eSafe 2011.08.18 -
eTrust-Vet 36.1.8508 2011.08.18 -
F-Prot 2011.08.18 -
F-Secure 9.0.16440.0 2011.08.18 -
Fortinet 2011.08.18 -
GData 22 2011.08.18 -
Ikarus T3. 2011.08.18 -
Jiangmin 13.0.900 2011.08.18 -
K7AntiVirus 9.109.5026 2011.08.17 -
Kaspersky 2011.08.18 -
McAfee 5.400.0.1158 2011.08.18 -
McAfee-GW-Edition 2010.1D 2011.08.18 -
Microsoft 1.7604 2011.08.18 -
NOD32 6389 2011.08.18 -
Norman 6.07.10 2011.08.18 -
nProtect 2011-08-18.01 2011.08.18 -
Panda 2011.08.18 -
PCTools 2011.08.18 -
Prevx 3.0 2011.08.18 -
Rising 2011.08.18 -
Sophos 4.68.0 2011.08.18 -
SUPERAntiSpyware 2011.08.17 -
Symantec 20111.2.0.82 2011.08.18 -
TheHacker 2011.08.18 -
TrendMicro 9.500.0.1008 2011.08.17 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.18 -
VBA32 2011.08.17 -
VIPRE 10200 2011.08.18 -
ViRobot 2011.8.18.4626 2011.08.18 -
VirusBuster 2011.08.18 -
Additional information
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
SHA256: 75eea7e5ae90d857b777361a0166f9a82e354f229fd5250af8738364e6fb45db

OTL logfile created on: 8/18/2011 9:01:09 AM - Run 3
OTL by OldTimer - Version Folder = C:\Users\Dk & TJ\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 44.16% Memory free
3.99 Gb Paging File | 2.45 Gb Available in Paging File | 61.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 361.95 Gb Total Space | 266.08 Gb Free Space | 73.51% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.20 Gb Free Space | 30.03% Space Free | Partition Type: NTFS

Computer Name: STORE | User Name: Dk & TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dk & TJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2native.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\\System.Windows.Forms.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Security\\System.Security.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\\System.Web.Services.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\\System.Data.SqlXml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\\System.DirectoryServices.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\\System.EnterpriseServices.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\\System.DirectoryServices.Protocols.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\\Accessibility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\\Microsoft.VisualC.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.Web.Services2\\Microsoft.Web.Services2.dll ()
MOD - C:\Program Files\Spare Backup\System.Data.SQLite.DLL ()
MOD - C:\Program Files\Spare Backup\UberCrypto.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDWSCService) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://redding.craigslist.org/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dk & TJ\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 10:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 10:24:07 | 000,000,000 | ---D | M]

[2009/05/14 07:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Extensions
[2011/08/17 10:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions
[2008/05/21 15:54:11 | 000,000,000 | ---D | M] (glowyred) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{0e4e4920-1412-11db-ac5d-0800200c9a66}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/18 07:30:00 | 000,000,000 | ---D | M] (BloodFire) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Foxkeh Theme) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/14 07:34:27 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2008/05/21 15:53:35 | 000,000,000 | ---D | M] ("glowyblue") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2008/05/18 07:33:27 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2008/05/21 15:51:03 | 000,000,000 | ---D | M] ("glowygreen") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{a909b230-17c6-11db-ac5d-0800200c9a66}
[2008/05/21 15:57:09 | 000,000,000 | ---D | M] (rubyFox) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2008/05/21 15:53:59 | 000,000,000 | ---D | M] ("glowygold") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{ba264dc0-3752-11db-a98b-0800200c9a66}
[2009/08/17 08:25:31 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Miint) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2008/05/21 15:54:22 | 000,000,000 | ---D | M] ("glowywine") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{f9e9aa30-1842-11db-ac5d-0800200c9a66}
[2008/02/06 11:02:12 | 000,001,878 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\aolsearch.xml
[2010/09/27 10:23:51 | 000,001,196 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\winamp-search.xml
[2011/08/17 10:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 09:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 08:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 08:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/15 09:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/17 09:51:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 08:47:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Dk & TJ\Desktop\OTL.exe
[2011/08/17 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/17 13:11:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/17 13:11:21 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/17 13:11:21 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/17 13:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/17 13:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/17 12:07:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/17 11:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/08/17 11:49:50 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011/08/17 11:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/08/17 11:18:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/17 11:18:42 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Local\temp
[2011/08/17 11:16:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/17 09:35:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/17 09:35:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/17 09:35:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/17 09:23:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/11 03:15:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 03:15:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 03:15:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 03:15:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 03:14:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:53:16 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:52:59 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:52:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 09:46:41 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2011/08/10 08:54:31 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/08/09 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/08/09 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2011/08/09 13:51:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 13:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/09 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/28 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Roaming\FileZilla
[2011/07/28 10:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/07/28 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

========== Files - Modified Within 30 Days ==========

[2011/08/18 08:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Dk & TJ\Desktop\OTL.exe
[2011/08/18 08:22:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 08:22:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 16:28:55 | 000,000,129 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences2.dat
[2011/08/17 16:28:55 | 000,000,046 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences.dat
[2011/08/17 13:11:30 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/17 12:22:57 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/17 12:22:54 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/17 12:22:54 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/17 12:22:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 12:08:06 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/17 12:08:06 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/17 11:49:58 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/08/17 10:29:59 | 000,000,830 | ---- | M] () -- C:\Users\Dk & TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 09:51:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/17 09:34:58 | 000,000,546 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ComboFix - Shortcut.lnk
[2011/08/16 08:58:42 | 000,334,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/14 12:49:06 | 000,013,806 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2011/08/12 13:30:29 | 000,026,112 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\bof and outside inventory.xlr
[2011/08/10 12:27:09 | 008,586,406 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:47 | 000,354,534 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:14 | 001,378,552 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:09:48 | 000,073,728 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 15:06:50 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinVd32.sys
[2011/07/21 19:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 19:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 19:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 19:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 19:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/20 11:30:49 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/20 11:30:49 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/08/17 13:11:30 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/17 11:50:06 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/17 11:50:06 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/17 11:50:06 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/17 11:49:58 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/08/17 11:49:58 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/08/17 10:29:59 | 000,000,830 | ---- | C] () -- C:\Users\Dk & TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 09:35:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/17 09:35:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/17 09:35:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/17 09:35:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/17 09:35:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/17 09:34:58 | 000,000,546 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ComboFix - Shortcut.lnk
[2011/08/10 12:27:09 | 008,586,406 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:46 | 000,354,534 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:12 | 001,378,552 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:06:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2011/06/28 14:54:45 | 000,000,172 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/06/28 14:53:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/10/01 16:00:41 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/09/17 02:14:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:14:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/08 10:51:24 | 000,000,680 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\d3d9caps.dat
[2009/05/14 09:23:24 | 000,000,095 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\fusioncache.dat
[2009/04/26 03:16:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/23 16:20:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/05/23 16:20:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/05/23 16:20:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/02/06 09:54:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/05 01:48:16 | 000,073,728 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 01:43:14 | 000,013,806 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,334,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:52B72A7C

< End of report >

2011-08-18, 19:36
Hi, I ran Virus Total and a fresh OTL. Here are the reports. THANKS
Virus Total
1 VT Community user(s) with a total of 8195 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Submission date: 2011-08-18 15:16:53 (UTC)
Current status: 0/44 (0.0%)

VT Community

Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.08.18.00 2011.08.18 -
AntiVir 2011.08.18 -
Antiy-AVL 2011.08.18 -
Avast 4.8.1351.0 2011.08.18 -
Avast5 5.0.677.0 2011.08.18 -
AVG 2011.08.18 -
BitDefender 7.2 2011.08.18 -
ByteHero 2011.08.18 -
CAT-QuickHeal 11.00 2011.08.18 -
ClamAV 2011.08.18 -
Commtouch 2011.08.18 -
Comodo 9790 2011.08.18 -
DrWeb 2011.08.18 -
Emsisoft 2011.08.18 -
eSafe 2011.08.18 -
eTrust-Vet 36.1.8508 2011.08.18 -
F-Prot 2011.08.18 -
F-Secure 9.0.16440.0 2011.08.18 -
Fortinet 2011.08.18 -
GData 22 2011.08.18 -
Ikarus T3. 2011.08.18 -
Jiangmin 13.0.900 2011.08.18 -
K7AntiVirus 9.109.5026 2011.08.17 -
Kaspersky 2011.08.18 -
McAfee 5.400.0.1158 2011.08.18 -
McAfee-GW-Edition 2010.1D 2011.08.18 -
Microsoft 1.7604 2011.08.18 -
NOD32 6389 2011.08.18 -
Norman 6.07.10 2011.08.18 -
nProtect 2011-08-18.01 2011.08.18 -
Panda 2011.08.18 -
PCTools 2011.08.18 -
Prevx 3.0 2011.08.18 -
Rising 2011.08.18 -
Sophos 4.68.0 2011.08.18 -
SUPERAntiSpyware 2011.08.17 -
Symantec 20111.2.0.82 2011.08.18 -
TheHacker 2011.08.18 -
TrendMicro 9.500.0.1008 2011.08.17 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.18 -
VBA32 2011.08.17 -
VIPRE 10200 2011.08.18 -
ViRobot 2011.8.18.4626 2011.08.18 -
VirusBuster 2011.08.18 -
Additional information
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
SHA256: 75eea7e5ae90d857b777361a0166f9a82e354f229fd5250af8738364e6fb45db

VT Community

8195 credits
Comment date: 2010-12-21 03:33:11 (UTC)
Tags: Goodware,

OTL logfile created on: 8/18/2011 9:01:09 AM - Run 3
OTL by OldTimer - Version Folder = C:\Users\Dk & TJ\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 44.16% Memory free
3.99 Gb Paging File | 2.45 Gb Available in Paging File | 61.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 361.95 Gb Total Space | 266.08 Gb Free Space | 73.51% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.20 Gb Free Space | 30.03% Space Free | Partition Type: NTFS

Computer Name: STORE | User Name: Dk & TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dk & TJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2native.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\\System.Windows.Forms.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Security\\System.Security.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\\System.Web.Services.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\\System.Data.SqlXml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\\System.DirectoryServices.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\\System.EnterpriseServices.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\\System.DirectoryServices.Protocols.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\\Accessibility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\\Microsoft.VisualC.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.Web.Services2\\Microsoft.Web.Services2.dll ()
MOD - C:\Program Files\Spare Backup\System.Data.SQLite.DLL ()
MOD - C:\Program Files\Spare Backup\UberCrypto.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDWSCService) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://redding.craigslist.org/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dk & TJ\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 10:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 10:24:07 | 000,000,000 | ---D | M]

[2009/05/14 07:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Extensions
[2011/08/17 10:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions
[2008/05/21 15:54:11 | 000,000,000 | ---D | M] (glowyred) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{0e4e4920-1412-11db-ac5d-0800200c9a66}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/18 07:30:00 | 000,000,000 | ---D | M] (BloodFire) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Foxkeh Theme) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/14 07:34:27 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2008/05/21 15:53:35 | 000,000,000 | ---D | M] ("glowyblue") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2008/05/18 07:33:27 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2008/05/21 15:51:03 | 000,000,000 | ---D | M] ("glowygreen") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{a909b230-17c6-11db-ac5d-0800200c9a66}
[2008/05/21 15:57:09 | 000,000,000 | ---D | M] (rubyFox) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2008/05/21 15:53:59 | 000,000,000 | ---D | M] ("glowygold") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{ba264dc0-3752-11db-a98b-0800200c9a66}
[2009/08/17 08:25:31 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Miint) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2008/05/21 15:54:22 | 000,000,000 | ---D | M] ("glowywine") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{f9e9aa30-1842-11db-ac5d-0800200c9a66}
[2008/02/06 11:02:12 | 000,001,878 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\aolsearch.xml
[2010/09/27 10:23:51 | 000,001,196 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\winamp-search.xml
[2011/08/17 10:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 09:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 08:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 08:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/15 09:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/17 09:51:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 08:47:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Dk & TJ\Desktop\OTL.exe
[2011/08/17 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/17 13:11:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/17 13:11:21 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/17 13:11:21 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/17 13:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/17 13:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/17 12:07:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/17 11:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/08/17 11:49:50 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011/08/17 11:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/08/17 11:18:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/17 11:18:42 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Local\temp
[2011/08/17 11:16:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/17 09:35:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/17 09:35:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/17 09:35:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/17 09:23:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/11 03:15:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 03:15:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 03:15:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 03:15:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 03:14:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:53:16 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:52:59 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:52:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 09:46:41 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2011/08/10 08:54:31 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/08/09 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/08/09 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2011/08/09 13:51:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 13:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/09 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/28 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Roaming\FileZilla
[2011/07/28 10:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/07/28 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

========== Files - Modified Within 30 Days ==========

[2011/08/18 08:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Dk & TJ\Desktop\OTL.exe
[2011/08/18 08:22:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 08:22:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 16:28:55 | 000,000,129 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences2.dat
[2011/08/17 16:28:55 | 000,000,046 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences.dat
[2011/08/17 13:11:30 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/17 12:22:57 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/17 12:22:54 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/17 12:22:54 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/17 12:22:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 12:08:06 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/17 12:08:06 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/17 11:49:58 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/08/17 10:29:59 | 000,000,830 | ---- | M] () -- C:\Users\Dk & TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 09:51:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/17 09:34:58 | 000,000,546 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ComboFix - Shortcut.lnk
[2011/08/16 08:58:42 | 000,334,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/14 12:49:06 | 000,013,806 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2011/08/12 13:30:29 | 000,026,112 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\bof and outside inventory.xlr
[2011/08/10 12:27:09 | 008,586,406 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:47 | 000,354,534 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:14 | 001,378,552 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:09:48 | 000,073,728 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 15:06:50 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinVd32.sys
[2011/07/21 19:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 19:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 19:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 19:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 19:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/20 11:30:49 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/20 11:30:49 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/08/17 13:11:30 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/17 11:50:06 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/17 11:50:06 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/17 11:50:06 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/17 11:49:58 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/08/17 11:49:58 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/08/17 10:29:59 | 000,000,830 | ---- | C] () -- C:\Users\Dk & TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 09:35:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/17 09:35:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/17 09:35:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/17 09:35:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/17 09:35:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/17 09:34:58 | 000,000,546 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ComboFix - Shortcut.lnk
[2011/08/10 12:27:09 | 008,586,406 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:46 | 000,354,534 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:12 | 001,378,552 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:06:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2011/06/28 14:54:45 | 000,000,172 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/06/28 14:53:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/10/01 16:00:41 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/09/17 02:14:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:14:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/08 10:51:24 | 000,000,680 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\d3d9caps.dat
[2009/05/14 09:23:24 | 000,000,095 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\fusioncache.dat
[2009/04/26 03:16:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/23 16:20:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/05/23 16:20:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/05/23 16:20:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/02/06 09:54:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/05 01:48:16 | 000,073,728 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 01:43:14 | 000,013,806 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,334,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:52B72A7C

< End of report >

2011-08-18, 22:25
Hi again,

Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 2

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Post back the results.

Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).

Uninstall this old Java:
Java(TM) SE Runtime Environment 6 Update 1

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.

Post back its report & fresh OTL.txt log. How's system running?

2011-08-19, 18:26
Hi, here are the logs you asked for except ESET. I closed it without saving it,
no threats found. I also uninstalled Adobe and Java and reinstalled. System does seem to be running better, although at restart I get an ERUNT error saying ERUNT cannot back up the registry automatically.
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 2 removed from network.proxy.type
========== COMMANDS ==========

OTL by OldTimer - Version log created on 08182011_134737
OTL logfile created on: 8/19/2011 8:07:46 AM - Run 5
OTL by OldTimer - Version Folder = C:\Users\Dk & TJ\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 43.96% Memory free
3.99 Gb Paging File | 2.49 Gb Available in Paging File | 62.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 361.95 Gb Total Space | 266.19 Gb Free Space | 73.54% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.20 Gb Free Space | 29.99% Space Free | Partition Type: NTFS

Computer Name: STORE | User Name: Dk & TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Dk & TJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.Web.Services2\\Microsoft.Web.Services2.dll ()
MOD - C:\Program Files\Spare Backup\System.Data.SQLite.DLL ()
MOD - C:\Program Files\Spare Backup\UberCrypto.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SDHookService) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDWSCService) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (SDHookDriver) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5246

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://redding.craigslist.org/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dk & TJ\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 10:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 14:58:25 | 000,000,000 | ---D | M]

[2009/05/14 07:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Extensions
[2011/08/17 10:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions
[2008/05/21 15:54:11 | 000,000,000 | ---D | M] (glowyred) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{0e4e4920-1412-11db-ac5d-0800200c9a66}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/05/18 07:30:00 | 000,000,000 | ---D | M] (BloodFire) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Foxkeh Theme) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}
[2010/07/26 09:02:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/14 07:34:27 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2008/05/21 15:53:35 | 000,000,000 | ---D | M] ("glowyblue") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2008/05/18 07:33:27 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2008/05/21 15:51:03 | 000,000,000 | ---D | M] ("glowygreen") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{a909b230-17c6-11db-ac5d-0800200c9a66}
[2008/05/21 15:57:09 | 000,000,000 | ---D | M] (rubyFox) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2008/05/21 15:53:59 | 000,000,000 | ---D | M] ("glowygold") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{ba264dc0-3752-11db-a98b-0800200c9a66}
[2009/08/17 08:25:31 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2009/05/14 07:34:28 | 000,000,000 | ---D | M] (Miint) -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2008/05/21 15:54:22 | 000,000,000 | ---D | M] ("glowywine") -- C:\Users\Dk & TJ\AppData\Roaming\mozilla\Firefox\Profiles\avzn3j3y.default\extensions\{f9e9aa30-1842-11db-ac5d-0800200c9a66}
[2008/02/06 11:02:12 | 000,001,878 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\aolsearch.xml
[2010/09/27 10:23:51 | 000,001,196 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Mozilla\Firefox\Profiles\avzn3j3y.default\searchplugins\winamp-search.xml
[2011/08/17 10:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 09:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 08:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 08:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/15 09:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/17 09:51:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 16:23:48 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Roaming\Avira
[2011/08/18 15:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/18 14:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/18 14:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/18 13:47:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/18 08:47:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Dk & TJ\Desktop\OTL.exe
[2011/08/17 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/17 13:11:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/17 13:11:21 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/17 13:11:21 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/17 13:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/17 13:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/17 12:07:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/17 11:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/08/17 11:49:50 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011/08/17 11:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/08/17 11:18:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/17 11:18:42 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Local\temp
[2011/08/17 11:16:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/17 09:35:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/17 09:35:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/17 09:35:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/17 09:23:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/16 07:41:34 | 000,491,916 | R--- | C] (Swearware) -- C:\Users\Dk & TJ\Desktop\dds(2).exe
[2011/08/11 03:15:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 03:15:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 03:15:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 03:15:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 03:14:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:53:16 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:52:59 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:52:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 09:46:41 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2011/08/10 08:54:31 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/08/09 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/08/09 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2011/08/09 13:51:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 13:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/09 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/28 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Dk & TJ\AppData\Roaming\FileZilla
[2011/07/28 10:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/07/28 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

========== Files - Modified Within 30 Days ==========

[2011/08/19 07:28:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 07:28:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 14:58:25 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/18 13:29:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/18 13:28:56 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/18 13:28:56 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/18 13:28:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/18 13:25:22 | 000,000,129 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences2.dat
[2011/08/18 13:25:22 | 000,000,046 | ---- | M] () -- C:\Users\Dk & TJ\jagex_runescape_preferences.dat
[2011/08/18 13:14:31 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/18 13:14:31 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/18 08:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Dk & TJ\Desktop\OTL.exe
[2011/08/17 13:11:30 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/17 12:08:06 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/17 12:08:06 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/17 11:49:58 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/08/17 10:29:59 | 000,000,830 | ---- | M] () -- C:\Users\Dk & TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 09:51:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/17 09:34:58 | 000,000,546 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ComboFix - Shortcut.lnk
[2011/08/16 08:58:42 | 000,334,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/16 07:41:37 | 000,491,916 | R--- | M] (Swearware) -- C:\Users\Dk & TJ\Desktop\dds(2).exe
[2011/08/14 12:49:06 | 000,013,806 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2011/08/12 13:30:29 | 000,026,112 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\bof and outside inventory.xlr
[2011/08/10 12:27:09 | 008,586,406 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:47 | 000,354,534 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:14 | 001,378,552 | ---- | M] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:09:48 | 000,073,728 | ---- | M] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 15:06:50 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinVd32.sys
[2011/07/21 19:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 19:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 19:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 19:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 19:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011/08/18 14:58:25 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/18 14:58:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/17 13:11:30 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/17 11:50:06 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/08/17 11:50:06 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/17 11:50:06 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/08/17 11:49:58 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/08/17 11:49:58 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/08/17 10:29:59 | 000,000,830 | ---- | C] () -- C:\Users\Dk & TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/17 10:29:59 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 09:35:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/17 09:35:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/17 09:35:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/17 09:35:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/17 09:35:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/17 09:34:58 | 000,000,546 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ComboFix - Shortcut.lnk
[2011/08/10 12:27:09 | 008,586,406 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110810-122646.cab
[2011/08/10 12:26:46 | 000,354,534 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110810-122646.png
[2011/08/09 13:49:41 | 000,000,873 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/09 13:49:05 | 000,000,674 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\ERUNT.lnk
[2011/08/06 17:17:14 | 001,386,086 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\TeamSpybot-20110806-171712.cab
[2011/08/06 17:17:12 | 001,378,552 | ---- | C] () -- C:\Users\Dk & TJ\Desktop\Desktop-20110806-171712.png
[2011/07/25 15:06:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2011/06/28 14:54:45 | 000,000,172 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/06/28 14:53:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/10/01 16:00:41 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/09/17 02:14:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:14:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/08 10:51:24 | 000,000,680 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\d3d9caps.dat
[2009/05/14 09:23:24 | 000,000,095 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\fusioncache.dat
[2009/04/26 03:16:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/23 16:20:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/05/23 16:20:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/05/23 16:20:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/02/06 09:54:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/05 01:48:16 | 000,073,728 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 01:43:14 | 000,013,806 | ---- | C] () -- C:\Users\Dk & TJ\AppData\Roaming\wklnhst.dat
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,334,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,642,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,119,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:52B72A7C

< End of report >

2011-08-19, 19:05

I get an ERUNT error saying ERUNT cannot back up the registry automatically
Yes, that's normal with Vista/Windows 7. You may uninstall ERUNT now.

If no issues are left, it's time to secure your system to protect against further intrusions.


Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 6, check any checkboxes listed for your hard drives.

Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
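
The six Internet-zone changes listed in the post above can also be checked from the registry rather than by clicking through the dialog. This PowerShell audit is an added example, not part of the original thread; it assumes the per-user Internet zone key (`Zones\3`) and the documented Internet Explorer URL action IDs, and it only reads values.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) settings named in the post.
# Assumption: per-user settings under HKCU; URL action values are 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values mirror the list in the post.
$recommended = @(
    @{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Test-ZoneSetting {
    param([hashtable]$Current, [array]$Expected)
    foreach ($item in $Expected) {
        $have = $Current[$item.Id]
        $shown = if ($null -eq $have) { 'Not set' }
                 elseif ($policyName.ContainsKey([int]$have)) { $policyName[[int]$have] }
                 else { "Raw value $have" }
        [pscustomobject]@{
            ActionId    = $item.Id
            Setting     = $item.Setting
            Current     = $shown
            Recommended = $policyName[$item.Want]
            # 0 < 1 < 3 orders the values by strictness, so "at least as strict" passes.
            Compliant   = ($null -ne $have -and [int]$have -ge $item.Want)
        }
    }
}

# Collect the values that actually exist; a missing key or value is reported as 'Not set'.
$current = @{}
$props = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($item in $recommended) {
        $value = $props.($item.Id)
        if ($null -ne $value) { $current[$item.Id] = $value }
    }
}

Test-ZoneSetting -Current $current -Expected $recommended | Format-Table -AutoSize
```

On machines where these settings are managed by Group Policy, the effective values can differ from the per-user key read here.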

2011-08-20, 00:42
[QUOTE]while I was reading before you start my computer shut down and restarted. I lost my defrag and disk clean up. I even tried the program search for them no record found.[/QUOTE]

I thank YOU very much for your help. I have learned a lot. Can you please show me how to get them back?

2011-08-20, 00:48
Sorry but I didn't quite understand. What is missing?

2011-08-20, 01:36
Hi, sorry for not being clear. My disk cleanup and defrag that you normally find in System Tools.

2011-08-20, 12:44

If you right-click the hard drive icon in the Computer window (click Start->Computer) and select Properties, do you see the Disk Cleanup button on the General tab and the Defragment Now button on the Tools tab?

2011-08-20, 18:57
Thank you very much for all your help :thanks:

2011-08-20, 19:31
You're welcome :)

Were you able to locate those two items there?

2011-08-27, 18:56
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.