View Full Version : resolved



jkusano
2011-08-06, 20:35
I had several trojans which I cleaned from my system, which is running Windows XP Pro, SP3. The main one was a Fraud Security Program. I cleaned them by running Malwarebytes, Spybot, MS Virus Scan, and TDSSKiller. I've also run ATF-Cleaner, SecurityCheck, OLToldtimer, and HijackThis (logs available).

I continue to have a red shield come up in my systray at each boot up that informs me that Automatic Updates is off. When I restore it with winmgmt stop and start commands, I can re-activate Auto Updates, but every time I shut down and boot up again, I get the same warning. There must be some residual malware still on my system, but it is not being detected by the suite of virus scans that I listed at the top. Any suggestions?



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by jkusano at 14:24:56 on 2011-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1274 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\jkusano\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [EPSON Stylus C62 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\jkusano\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{A2CD19BA-5024-472C-875F-C75ADBB5B1EC} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jkusano\application data\mozilla\firefox\profiles\koivs1g4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=f4sbqg7rr3qop|http://groups.yahoo.com/group/HerndonRestonVAFreecycle/messages?o=1|http://washingtondc.craigslist.org/nva/zip/|http://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\jkusano\application data\mozilla\firefox\profiles\koivs1g4.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\jkusano\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jkusano\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\jkusano\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\jkusano\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\jkusano\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-1-18 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-23 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-10 309848]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2009-8-17 9600]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2008-10-27 759072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-10 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-3 42184]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 151552]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S2 gupdate1c9afe93b2de8b8;Google Update Service (gupdate1c9afe93b2de8b8);c:\program files\google\update\GoogleUpdate.exe [2009-3-28 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-5-28 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-28 133104]
.
=============== Created Last 30 ================
.
2011-07-31 20:25:40 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\bqpp.exe
2011-07-31 20:25:40 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\aqic.exe
2011-07-31 20:25:40 0 ----a-w- c:\documents and settings\all users\application data\tffl.exe
2011-07-31 20:25:40 0 ----a-w- c:\documents and settings\all users\application data\ctoe.exe
2011-07-31 20:25:39 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\vslr.exe
2011-07-31 20:25:39 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\hdwf.exe
2011-07-31 20:25:39 0 ----a-w- c:\documents and settings\all users\application data\polt.exe
2011-07-31 20:25:39 0 ----a-w- c:\documents and settings\all users\application data\gnle.exe
2011-07-31 15:02:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-07-31 14:10:23 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2011-07-31 12:52:43 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2011-07-31 12:52:43 -------- d-----w- c:\documents and settings\jkusano\application data\FreeBurner
2011-07-31 00:55:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-31 00:55:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 18:53:35 -------- d-sha-r- C:\cmdcons
2011-07-30 18:47:59 98816 ----a-w- c:\windows\sed.exe
2011-07-30 18:47:59 518144 ----a-w- c:\windows\SWREG.exe
2011-07-30 18:47:59 256000 ----a-w- c:\windows\PEV.exe
2011-07-30 18:47:59 208896 ----a-w- c:\windows\MBR.exe
2011-07-30 14:14:54 -------- d-----w- c:\documents and settings\jkusano\local settings\application data\Innovative Solutions
2011-07-30 14:14:54 -------- d-----w- c:\documents and settings\all users\application data\Innovative Solutions
2011-07-30 14:14:47 -------- d-----w- c:\program files\Innovative Solutions
2011-07-29 21:18:49 -------- d-----w- c:\windows\system32\wbem\repository_bad\FS
2011-07-29 21:18:49 -------- d-----w- c:\windows\system32\wbem\Repository_bad
2011-07-24 20:48:47 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\wjgm.exe
2011-07-24 20:48:47 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\vkqx.exe
2011-07-24 20:48:47 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\klvu.exe
2011-07-24 20:48:47 0 ----a-w- c:\documents and settings\all users\application data\gvnt.exe
2011-07-24 20:48:47 0 ----a-w- c:\documents and settings\all users\application data\dppg.exe
2011-07-24 20:48:47 0 ----a-w- c:\documents and settings\all users\application data\djpk.exe
2011-07-24 20:48:46 0 ----a-w- c:\documents and settings\jkusano\local settings\application data\iytg.exe
2011-07-24 20:48:46 0 ----a-w- c:\documents and settings\all users\application data\oxhi.exe
2011-07-23 18:56:23 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-23 18:56:20 40112 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-15 00:16:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:27:30.20 ===============

redcar92
2011-08-14, 01:39
Hello jkusano and welcome.
I'm RedCar92 and my name is Bill. I'll be glad to help you with your computer problems.

Please observe these rules while we work:
Read the entire procedure.
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Malware removal can be stressful but we will clean it.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

Stay with this topic until I give you the all clean post.

redcar92
2011-08-14, 17:21
Greetings jkusano


Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Next

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
You may need two posts to fit them both in.




Logs to post:

aswMBR.txt
OTL.txt
Extras.txt

jkusano
2011-08-17, 16:40
Bill: Thanks for taking this on for me. I've been away so sorry for the late reply. Here's an update on my situation:

Since my original post I have fixed the Windows Update problem using:

Register the file wuaueng.dll:
Click Start, select Run
Type: regsvr32 wuaueng.dll
Press OK.
FROM: http://www.tomshardware.com/forum/135685-45-automatic-update-disabled

This seemed to do the trick. However, I still think I have some remnants of the original malware. When I run SUPERAntiSpyware Free Edition, I'm getting a virus called System.Broken.File Association (HKCR\exe). Even though I try to eliminate it, it's back every time I run SAS. So if you can help track this down, I would appreciate it. I've attached the logs you asked for below:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-16 21:10:54
-----------------------------
21:10:54.062 OS Version: Windows 5.1.2600 Service Pack 3
21:10:54.062 Number of processors: 2 586 0x6B01
21:10:54.062 ComputerName: DAD-NEW UserName: jkusano
21:10:55.375 Initialize success
21:10:56.000 AVAST engine defs: 11081601
21:11:08.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:11:08.750 Disk 0 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 3
21:11:10.765 Disk 0 MBR read successfully
21:11:10.781 Disk 0 MBR scan
21:11:10.828 Disk 0 Windows XP default MBR code
21:11:10.843 Disk 0 scanning sectors +976768065
21:11:10.906 Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:20.921 Service scanning
21:11:22.062 Modules scanning
21:11:26.437 Disk 0 trace - called modules:
21:11:26.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:11:26.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a842ab8]
21:11:26.468 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a86f510]
21:11:26.468 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a86e940]
21:11:27.312 AVAST engine scan C:\WINDOWS
21:11:40.703 AVAST engine scan C:\WINDOWS\system32
21:13:08.296 AVAST engine scan C:\WINDOWS\system32\drivers
21:13:26.187 AVAST engine scan C:\Documents and Settings\jkusano
21:24:57.593 AVAST engine scan C:\Documents and Settings\All Users
21:27:11.812 Scan finished successfully
21:27:47.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools\MBR.dat"
21:27:47.515 The log file has been saved successfully to "C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools\aswMBR.txt"

OTL logfile created on: 8/17/2011 10:12:41 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.25% Memory free
3.35 Gb Paging File | 2.51 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 114.99 Gb Free Space | 24.69% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 101.02 Gb Free Space | 88.23% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 41.49 Gb Free Space | 13.92% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 177.05 Gb Free Space | 59.40% Space Free | Partition Type: NTFS

Computer Name: DAD-NEW | User Name: jkusano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11081700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11081601\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11081700\aswRep.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11081601\aswRep.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (ISODisk) -- C:\WINDOWS\System32\drivers\ISODisk.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 A7 1F 02 59 3F 1B 49 88 92 43 7A F6 E3 DB E7 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ver"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ver"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb&clid=6423e0fea157460b93368a6e185c32e7&subid=1970&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=f4sbqg7rr3qop|http://groups.yahoo.com/group/HerndonRestonVAFreecycle/messages?o=1|http://washingtondc.craigslist.org/nva/zip/|http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.10
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53677
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\jkusano\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\jkusano\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jkusano\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jkusano\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jkusano\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 05:45:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 08:13:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\jkusano\Application Data\Move Networks [2010/02/27 21:01:05 | 000,000,000 | ---D | M]

[2011/07/31 10:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Extensions
[2011/08/16 20:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions
[2011/06/25 14:14:06 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/04/27 18:05:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/01 20:51:24 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2009/12/05 19:05:43 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2011/05/30 07:21:58 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/29 11:40:22 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2011/05/30 07:21:54 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\rikaichan-jpen@polarcloud.com
[2011/07/31 08:52:49 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\searchplugins\SearchResults.xml
[2011/08/16 20:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/07 08:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/27 21:01:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\JKUSANO\APPLICATION DATA\MOVE NETWORKS
[2011/08/07 08:12:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/11/06 19:44:40 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/11/06 19:44:46 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/11/06 19:46:28 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/01/26 14:23:08 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/11/06 19:44:58 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/07 08:12:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/10/10 15:33:16 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak
[2011/07/31 08:52:49 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/07/30 15:07:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jkusano\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\jkusano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jkusano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/10 16:12:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/05 20:26:36 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 21:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools
[2011/08/13 16:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\My Documents\My Library
[2011/08/13 16:32:24 | 000,057,436 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\DASShp.dll
[2011/08/13 16:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Reader
[2011/08/12 16:42:59 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/12 16:42:40 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/12 16:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Application Data\SUPERAntiSpyware.com
[2011/08/12 16:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/12 16:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/12 16:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/07 08:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/07 08:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/07 08:13:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/07 08:13:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/07 08:13:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/07 08:13:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/07 08:13:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/06 14:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/06 14:53:37 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/06 14:53:37 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/06 14:53:34 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/06 14:53:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/06 14:53:33 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/06 14:53:32 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/06 14:53:32 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/06 14:53:32 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/06 14:53:20 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/06 14:53:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/06 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/06 11:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/08/06 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/04 20:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Start Menu\Programs\Google Chrome
[2011/08/03 19:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/31 11:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/07/31 11:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/07/31 10:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/31 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Application Data\FreeBurner
[2011/07/31 08:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2011/07/31 08:14:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/30 14:53:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/30 14:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\My Documents\My Drivers
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Local Settings\Application Data\Innovative Solutions
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/07/30 10:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/07/30 10:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/07/20 19:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 002,179,807 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\Engagement_pictures.zip
[2049/12/31 16:00:00 | 002,115,837 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\card.jpg
[2011/08/17 10:11:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003UA.job
[2011/08/17 09:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 09:10:03 | 000,241,152 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 06:52:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 06:51:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 06:51:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/08/17 06:51:34 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/17 06:51:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 06:51:07 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 20:11:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003Core.job
[2011/08/14 07:48:05 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/13 16:32:27 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Reader.lnk
[2011/08/13 14:18:48 | 012,081,326 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\bikemap_side2.pdf
[2011/08/13 08:42:22 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\jkusano\NTUSER.bak
[2011/08/12 18:41:05 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/12 18:41:05 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/12 18:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 19:42:48 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Google Chrome.lnk
[2011/08/10 19:42:48 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\jkusano\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/07 08:12:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/07 08:12:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/07 08:12:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/07 08:12:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/07 08:12:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/06 15:23:47 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\OverDrive Media Console.lnk
[2011/08/06 14:53:38 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:53:33 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/06 14:33:43 | 000,005,000 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\attach.zip
[2011/08/06 11:30:24 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\jkusano\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/31 17:26:07 | 000,016,224 | -HS- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 17:26:07 | 000,016,224 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 17:25:38 | 000,000,362 | RHS- | M] () -- C:\boot.ini
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tffl.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ctoe.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\bqpp.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\aqic.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\vslr.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\polt.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\hdwf.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gnle.exe
[2011/07/31 11:03:03 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/07/31 08:53:06 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Free Easy Burner.lnk
[2011/07/30 15:07:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/30 15:00:34 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Shortcut to ComboFix.exe.lnk
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\wjgm.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\vkqx.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\klvu.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gvnt.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dppg.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\djpk.exe
[2011/07/24 16:48:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\oxhi.exe
[2011/07/24 16:48:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\iytg.exe
[2011/07/23 17:30:38 | 005,898,333 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\Chapt 17c.mp3
[2011/07/23 17:06:51 | 020,817,387 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\Chpt17ab.mp3
[2011/07/20 19:20:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/13 16:32:27 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Reader.lnk
[2011/08/13 16:32:24 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Reader.lnk
[2011/08/13 14:18:47 | 012,081,326 | ---- | C] () -- C:\Documents and Settings\jkusano\My Documents\bikemap_side2.pdf
[2011/08/06 14:53:38 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:33:43 | 000,005,000 | ---- | C] () -- C:\Documents and Settings\jkusano\My Documents\attach.zip
[2011/08/06 11:30:24 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\jkusano\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 20:06:59 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\jkusano\Desktop\Google Chrome.lnk
[2011/08/04 20:06:59 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\jkusano\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/04 20:06:29 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003UA.job
[2011/08/04 20:06:29 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003Core.job
[2011/07/31 16:25:40 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 16:25:40 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 16:25:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tffl.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctoe.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\bqpp.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\aqic.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\vslr.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\polt.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\hdwf.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gnle.exe
[2011/07/31 11:03:03 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/07/30 15:00:34 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\jkusano\Desktop\Shortcut to ComboFix.exe.lnk
[2011/07/30 14:53:42 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/07/30 14:53:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/24 16:48:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\wjgm.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\vkqx.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\klvu.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gvnt.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dppg.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\djpk.exe
[2011/07/24 16:48:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxhi.exe
[2011/07/24 16:48:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\iytg.exe
[2011/07/23 17:29:39 | 005,898,333 | ---- | C] () -- C:\Documents and Settings\jkusano\My Documents\Chapt 17c.mp3
[2011/07/23 17:04:19 | 020,817,387 | ---- | C] () -- C:\Documents and Settings\jkusano\My Documents\Chpt17ab.mp3
[2011/07/20 19:20:02 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/16 09:41:56 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\78u2g53hy0743d083w3apg5b870o2m7iq
[2011/07/16 09:41:56 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\78u2g53hy0743d083w3apg5b870o2m7iq
[2011/07/16 09:41:51 | 000,004,224 | ---- | C] () -- C:\Documents and Settings\jkusano\Application Data\3B3A.6DF
[2011/07/09 09:39:16 | 000,016,900 | -HS- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\im5e62l026uv
[2011/07/09 09:39:16 | 000,016,900 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\im5e62l026uv
[2011/06/12 13:55:46 | 000,000,285 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/28 07:36:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21028644r
[2011/05/28 07:36:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21028644
[2011/05/28 07:35:52 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21028644
[2011/02/18 21:17:22 | 000,069,812 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/13 15:45:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2011/02/13 15:45:00 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/01/22 13:13:08 | 000,881,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/27 13:38:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2010/11/25 10:26:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/06 23:06:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/11/06 21:49:03 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/11/06 21:48:34 | 000,000,841 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/11/06 21:48:34 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/11/06 21:48:34 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/11/06 21:48:34 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/11/06 21:48:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010/11/06 21:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/11/06 21:45:06 | 000,027,513 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/12 09:24:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/10/19 14:25:08 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/23 07:17:30 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/08/17 15:30:23 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2009/08/15 20:06:36 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2009/08/09 19:53:42 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/01 17:21:33 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/01 16:55:55 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/28 17:53:13 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/05/28 17:52:28 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/03/07 16:28:46 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/02/08 17:43:57 | 000,008,179 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2009/01/19 14:08:36 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/19 14:08:36 | 000,686,085 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2009/01/19 14:08:36 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/01/19 14:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/01/19 14:08:36 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/01/19 14:08:36 | 000,054,919 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2009/01/11 16:09:47 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/10 22:02:34 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/10 21:37:15 | 000,241,152 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 18:10:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/10 18:10:43 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/01/10 18:10:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/01/10 16:18:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/10 16:14:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/10 16:09:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/10 10:45:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/10 10:36:29 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/28 12:59:44 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 11:51:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 11:50:50 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 11:49:08 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/26 01:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/26 01:08:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/12/26 01:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/26 01:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/26 01:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/26 01:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/26 01:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/26 01:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/12 12:57:38 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/09 14:57:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 14:57:18 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 14:57:02 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 14:56:34 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/08 09:37:04 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 08:53:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/08 08:53:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/26 15:55:22 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 14:49:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/11/15 14:02:26 | 001,866,670 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/07/09 04:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/04/05 13:53:24 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2008/03/29 11:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 11:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 11:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 11:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 11:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 11:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 11:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 11:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 11:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 11:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 11:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 11:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 11:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 11:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/11/07 18:32:46 | 003,088,384 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-4.dll
[2005/11/04 22:57:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/09/12 23:09:34 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AvsRecursion.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/30 00:44:56 | 001,627,136 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2004/01/23 22:35:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2003/08/07 15:01:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/03/04 10:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/02/03 20:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/06 14:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/01/10 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/07/31 10:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/30 10:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/06/21 11:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/04/05 19:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/01/17 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/11/06 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/04 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/08/15 11:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/02/14 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
[2011/02/12 13:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/22 07:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/18 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\.minecraft
[2011/08/17 10:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Azureus
[2011/05/30 09:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Canon
[2011/07/31 08:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\FreeBurner
[2009/11/27 17:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\GARMIN
[2009/02/14 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\ICAClient
[2011/02/15 21:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\InfraRecorder
[2010/11/26 07:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Leadertech
[2009/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\MAGIX
[2009/08/08 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Megaupload
[2009/11/22 07:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\OverDrive
[2011/01/22 11:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Research In Motion
[2009/08/15 11:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\ScanSoft
[2010/11/26 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Seagate
[2009/02/14 17:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Seven Zip
[2009/08/02 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Sony
[2009/08/02 15:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Sony Setup
[2010/12/27 13:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\TechWizard
[2009/01/26 14:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\webex
[2011/08/17 06:51:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/27 21:30:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/27 21:30:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/27 21:30:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/02/27 21:30:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/10 10:35:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/01/10 10:35:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/01/10 10:35:04 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< End of report >

OTL Extras.txt will be posted separately

jkusano
2011-08-17, 16:41
Bill: Here's the 3rd report you asked for.

OTL Extras logfile created on: 8/17/2011 10:12:41 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.25% Memory free
3.35 Gb Paging File | 2.51 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 114.99 Gb Free Space | 24.69% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 101.02 Gb Free Space | 88.23% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 41.49 Gb Free Space | 13.92% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 177.05 Gb Free Space | 59.40% Space Free | Partition Type: NTFS

Computer Name: DAD-NEW | User Name: jkusano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57945:TCP" = 57945:TCP:*:Enabled:Pando Media Booster
"57945:UDP" = 57945:UDP:*:Enabled:Pando Media Booster
"58281:TCP" = 58281:TCP:*:Enabled:Pando Media Booster
"58281:UDP" = 58281:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57945:TCP" = 57945:TCP:*:Enabled:Pando Media Booster
"57945:UDP" = 57945:UDP:*:Enabled:Pando Media Booster
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"58281:TCP" = 58281:TCP:*:Enabled:Pando Media Booster
"58281:UDP" = 58281:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1392DCA3-6331-4120-B58E-257F44949574}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8830 smartphone
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C9E636-4A53-482D-B42C-58D9CE758997}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E088AC54-7379-4C8F-A8B6-D2381E5A1172}" = Manual CanoScan 3000,3000F
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afreeCodecVT2" = afreeCodecVT
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard) 7.2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Digital Editions" = Adobe Digital Editions
"DMX5_is1" = DriverMax 5
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1443] [2007-08-29]
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"Free Easy Burner_is1" = Free Easy Burner V 5.0
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 3.4.0
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"RealPlayer 12.0" = RealPlayer
"SMPlayer" = SMPlayer 0.6.7
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"VLC media player" = VLC media player 1.1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"XviD4PSP5" = XviD4PSP 5.0
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2011 7:46:07 PM | Computer Name = DAD-NEW | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msxml3.dll, version 8.100.1052.0, fault address 0x000a1425.

Error - 8/13/2011 6:40:02 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/13/2011 6:40:02 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2015

Error - 8/13/2011 6:40:02 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2015

Error - 8/16/2011 8:32:24 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/16/2011 8:32:24 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1984

Error - 8/16/2011 8:32:24 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1984

Error - 8/16/2011 9:07:30 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/16/2011 9:07:30 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2108312

Error - 8/16/2011 9:07:30 PM | Computer Name = DAD-NEW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2108312

[ OSession Events ]
Error - 7/15/2011 9:09:30 AM | Computer Name = DAD-NEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2592
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/16/2011 2:41:45 PM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {E367E1A1-E917-11D0-AF5F-00A02448799A}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/16/2011 2:41:45 PM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/16/2011 3:12:11 PM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {E367E1A1-E917-11D0-AF5F-00A02448799A}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/16/2011 3:12:11 PM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/16/2011 9:07:43 PM | Computer Name = DAD-NEW | Source = PlugPlayManager | ID = 12
Description = The device 'MAXTOR STM3320620A' (IDE\DiskMAXTOR_STM3320620A______________________3.AAE___\5&3767b948&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 8/16/2011 9:07:53 PM | Computer Name = DAD-NEW | Source = PlugPlayManager | ID = 12
Description = The device 'Maxtor 6Y120P0' (IDE\DiskMaxtor_6Y120P0__________________________YAR41BW0\335931323647454b202020202020202020202020)
disappeared from the system without first being prepared for removal.

Error - 8/17/2011 6:52:45 AM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {E367E1A1-E917-11D0-AF5F-00A02448799A}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/17/2011 6:52:45 AM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/17/2011 10:15:21 AM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {E367E1A1-E917-11D0-AF5F-00A02448799A}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding

Error - 8/17/2011 10:15:21 AM | Computer Name = DAD-NEW | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE
-Embedding


< End of report >

redcar92
2011-08-18, 02:07
Greetings jkusano
I am glad to hear that you have fixed some of your woes.

Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
FF - prefs.js..network.proxy.http - 127.0.0.1
FF - prefs.js..network.proxy.http_port - 53677
[2011/07/31 17:26:07 | 000,016,224 | -HS- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 17:26:07 | 000,016,224 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tffl.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ctoe.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\bqpp.exe
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\aqic.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\vslr.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\polt.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\hdwf.exe
[2011/07/31 16:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gnle.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\wjgm.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\vkqx.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\klvu.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gvnt.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dppg.exe
[2011/07/24 16:48:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\djpk.exe
[2011/07/24 16:48:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\oxhi.exe
[2011/07/24 16:48:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\iytg.exe
[2011/07/16 09:41:56 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\78u2g53hy0743d083w3apg5b870o2m7iq
[2011/07/16 09:41:56 | 000,016,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\78u2g53hy0743d083w3apg5b870o2m7iq
[2011/07/16 09:41:51 | 000,004,224 | ---- | C] () -- C:\Documents and Settings\jkusano\Application Data\3B3A.6DF
[2011/07/09 09:39:16 | 000,016,900 | -HS- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\im5e62l026uv
[2011/07/09 09:39:16 | 000,016,900 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\im5e62l026uv
[2011/05/28 07:36:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21028644r
[2011/05/28 07:36:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21028644
[2011/05/28 07:35:52 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21028644
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]



Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
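
The file entries in the fix script above share a few visible traits: zero-byte .exe files, Hidden+System attributes, the same random name under both the user's and the All Users profile, and placement directly in an Application Data root. As an added example (not part of the original post, and not OTL's or the helper's own selection logic), this Python script parses lines in that listing format and flags those traits; the rule names are assumptions of the example and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# One OTL file-listing line, as it appears in the fix script above:
# [date time | size | attrs | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# First four lines are copied from the fix script on this page.
# The "Example Corp" line is constructed as a benign control; the
# prefs.js line shows that non-file entries are skipped.
SAMPLE = r"""
[2011/07/31 17:26:07 | 000,016,224 | -HS- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 17:26:07 | 000,016,224 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b
[2011/07/31 16:25:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tffl.exe
[2011/07/16 09:41:51 | 000,004,224 | ---- | C] () -- C:\Documents and Settings\jkusano\Application Data\3B3A.6DF
[2011/08/01 10:00:00 | 000,123,456 | ---- | M] (Example Corp) -- C:\Program Files\Example\example.exe
FF - prefs.js..network.proxy.http - 127.0.0.1
"""


def parse_line(line):
    """Return a dict for a file-listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "kind": m.group("kind"),        # M = modified, C = created
        "company": m.group("company"),  # empty when the file has no vendor info
        "path": m.group("path"),
    }


def triage(lines):
    """Map each flagged path to the list of traits it matched.

    The traits are this example's own heuristics (assumptions), meant to
    prioritise entries for a human reviewer, not to prove maliciousness.
    """
    entries = [e for e in map(parse_line, lines) if e]

    # Record every directory in which a given file name occurs.
    dirs_by_name = defaultdict(set)
    for e in entries:
        dirs_by_name[basename(e["path"]).lower()].add(dirname(e["path"]).lower())

    findings = {}
    for e in entries:
        path_l = e["path"].lower()
        reasons = []
        if e["size"] == 0 and path_l.endswith(".exe"):
            reasons.append("zero_byte_exe")
        # Assumption: H and S in the attribute column mean Hidden and System.
        if "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden_system")
        if len(dirs_by_name[basename(path_l)]) > 1:
            reasons.append("same_name_in_multiple_profiles")
        # File sits directly in an Application Data root, not in a vendor subfolder.
        if not e["company"] and dirname(path_l).endswith("\\application data"):
            reasons.append("loose_file_in_appdata_root")
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines()).items():
        print(", ".join(reasons), "--", path)
```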

jkusano
2011-08-20, 03:04
All processes killed
========== OTL ==========
Prefs.js: prefs.js..network.proxy.http - 127.0.0.1 removed from
Prefs.js: prefs.js..network.proxy.http_port - 53677 removed from
C:\Documents and Settings\jkusano\Local Settings\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b moved successfully.
C:\Documents and Settings\All Users\Application Data\168175j0mnie0u75x283n507gj21bv81m4c1b moved successfully.
C:\Documents and Settings\All Users\Application Data\tffl.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ctoe.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\bqpp.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\aqic.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\vslr.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\polt.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\hdwf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\gnle.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\wjgm.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\vkqx.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\klvu.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\gvnt.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\dppg.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\djpk.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\oxhi.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\iytg.exe moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\78u2g53hy0743d083w3apg5b870o2m7iq moved successfully.
C:\Documents and Settings\All Users\Application Data\78u2g53hy0743d083w3apg5b870o2m7iq moved successfully.
C:\Documents and Settings\jkusano\Application Data\3B3A.6DF moved successfully.
C:\Documents and Settings\jkusano\Local Settings\Application Data\im5e62l026uv moved successfully.
C:\Documents and Settings\All Users\Application Data\im5e62l026uv moved successfully.
C:\Documents and Settings\All Users\Application Data\~21028644r moved successfully.
C:\Documents and Settings\All Users\Application Data\~21028644 moved successfully.
C:\Documents and Settings\All Users\Application Data\21028644 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3457887 bytes
->Flash cache emptied: 41661 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: jkusano
->Temp folder emptied: 12250378 bytes
->Temporary Internet Files folder emptied: 35377785 bytes
->Java cache emptied: 7808416 bytes
->FireFox cache emptied: 127097845 bytes
->Google Chrome cache emptied: 337258889 bytes
->Flash cache emptied: 324424 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49714 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15803936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3825262085 bytes

Total Files Cleaned = 4,165.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08192011_180305

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat moved successfully.

Registry entries deleted on Reboot...

redcar92
2011-08-20, 03:09
I apologize, I forgot to ask, how is your PC behaving now?

jkusano
2011-08-20, 16:55
Bill: Seems to be fine. However, when I run SuperAntiSpyware, I still get a virus, HKCR\exe (System.Broken.File.Association). It appears that I am removing it or quarantining it, but it still comes back every time I run SAS. I'm thinking it's a false positive? Are you seeing anything amiss?...Thanks

redcar92
2011-08-20, 21:22
Greetings jkusano

Download SAS_fixexefile.com from here (http://www.superantispyware.com/downloads/SAS_FixEXEfile.com) to your desktop.
Double click to run the file.
When done let me know how it worked and we will continue.
Also you had mentioned earlier that you were having problems with MS updates. Do you still have that problem?

jkusano
2011-08-20, 22:36
Bill: The SASfix ran successfully.

Since my original post I have fixed the Windows Update problem using:

Register the file wuaueng.dll:
Click Start, select Run
Type: regsvr32 wuaueng.dll
Press OK.
FROM: http://www.tomshardware.com/forum/13...pdate-disabled

jkusano
2011-08-20, 22:45
Also I ran SAS after the SASfix, and I no longer have the System.Broken.File.Association (HKCR\exe) coming up. So I think I'm good. Thanks for all your help.

redcar92
2011-08-20, 22:47
Jkusano, please don't go yet, there is still more to do to make sure you are as clean as possible and we still need to clean up our tools.

redcar92
2011-08-21, 00:19
Greetings jkusano
You have done an awesome job so far, just a little bit more.
P2P - I see you have P2P software VUZE & Conduit installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation.
This page (http://p2p.malwareremoval.com/) will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/305923-perils-p2p-file-sharing.html).
I would strongly recommend that you uninstall this/these now. You can do so via Control Panel >> Add or Remove Programs.

Next
Your Adobe appears to be down level
Please visit this site (http://www.adobe.com/downloads/) Click on the Adobe Reader icon on the right side and you will be presented with the correct Adobe for your system.
Download and install this Adobe please.

Next
I see in your logs that you have Malwarebytes installed on your system.

Double click on MalwareBytes, mbam.exe to run it.
If Malwarebytes asks to update, click on Yes. If you are not asked, click on the Update tab, then click on Check for updates.
After updates finish, click on the Scanner tab. Select Perform quick scan.
Click on Scan button.
When finished copy/paste the contents of mbam.txt into your next post please.


Next
Please use Internet Explorer to download and run the following scan: Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do Not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes if there are any infections you will see a List of found threats.
Click Export to text file
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
If no threats are found there will be no list, this is good, just tell me that no threats were found.

Logs to post:


mbam.txt
results of ESET scan.

jkusano
2011-08-21, 22:51
Bill: Here's the 2 logs you requested:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7529

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/21/2011 4:47:39 PM
mbam-log-2011-08-21 (16-47-39).txt

Scan type: Quick scan
Objects scanned: 186543
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Log

C:\Documents and Settings\jkusano\My Documents\My Downloads\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\jkusano\My Documents\Setup Files\Setup_FreeBurnerN.exe Win32/Adware.Toolbar.Dealio application
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamyy.zip Win32/Bagle.gen.zip worm

redcar92
2011-08-22, 02:13
Greetings jkusano
There are a couple of files that may still be a problem, so we shall continue.
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
Download Combofix from any of the links below. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CFRCNeeded.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CF2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

redcar92
2011-08-25, 02:46
Hey jkusano, are you still with me? Do you need assistance with Combofix?

jkusano
2011-08-26, 02:48
Bill: I plan to run it FRI. I got tied up, sorry

redcar92
2011-08-26, 02:53
Thanks for the heads up. :bigthumb:

jkusano
2011-08-26, 16:42
Bill: ComboFix ran OK. Here's the log:

ComboFix 11-08-26.04 - jkusano 08/26/2011 10:14:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1403 [GMT -4:00]
Running from: c:\documents and settings\jkusano\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jkusano\Templates\ackr.exe
c:\documents and settings\jkusano\Templates\fsyx.exe
c:\documents and settings\jkusano\Templates\sccw.exe
c:\documents and settings\jkusano\Templates\wqif.exe
c:\windows\system32\comct332.ocx
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-24 19:39 . 2011-08-24 19:39 388096 ----a-r- c:\documents and settings\jkusano\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-24 19:39 . 2011-08-24 19:39 -------- d-----w- c:\program files\HJThis
2011-08-21 19:19 . 2011-08-21 19:19 -------- d-----w- c:\program files\ESET
2011-08-20 18:07 . 2011-08-20 19:24 -------- d-----w- c:\program files\Monkey's Audio
2011-08-20 18:07 . 2011-04-17 01:08 446464 ----a-w- c:\windows\system32\MACDll.dll
2011-08-19 22:03 . 2011-08-19 22:03 -------- d-----w- C:\_OTL
2011-08-13 20:32 . 2011-08-13 20:32 -------- d-----w- c:\program files\Microsoft Reader
2011-08-13 20:32 . 2003-06-05 21:15 57436 ----a-w- c:\windows\DASShp.dll
2011-08-13 20:32 . 2003-05-23 04:15 217174 ----a-w- c:\program files\Common Files\Microsoft Shared\ClearType\ctras.dll
2011-08-12 20:42 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-12 20:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-12 20:23 . 2011-08-12 20:23 -------- d-----w- c:\documents and settings\jkusano\Application Data\SUPERAntiSpyware.com
2011-08-12 20:22 . 2011-08-19 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-12 20:22 . 2011-08-12 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-07 12:13 . 2011-08-07 12:13 -------- d-----w- c:\program files\Common Files\Java
2011-08-07 12:13 . 2011-08-07 12:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-07 12:13 . 2011-08-07 12:12 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-07 12:13 . 2011-08-07 12:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-06 18:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-06 18:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-06 18:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 18:53 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-06 18:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 18:53 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-06 18:53 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-06 18:53 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-06 18:53 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 18:53 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 18:53 . 2011-08-06 18:53 -------- d-----w- c:\program files\AVAST Software
2011-08-06 18:53 . 2011-08-06 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-06 15:30 . 2011-08-06 15:30 -------- d-----w- c:\program files\ERUNT
2011-07-31 15:02 . 2011-07-31 15:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-31 14:10 . 2011-07-31 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-07-31 12:52 . 2011-07-31 12:53 -------- d-----w- c:\documents and settings\jkusano\Application Data\FreeBurner
2011-07-31 12:52 . 2011-07-31 12:53 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2011-07-31 00:55 . 2011-07-31 00:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 14:14 . 2011-07-30 14:14 -------- d-----w- c:\documents and settings\jkusano\Local Settings\Application Data\Innovative Solutions
2011-07-30 14:14 . 2011-07-30 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-07-30 14:14 . 2011-07-30 14:14 -------- d-----w- c:\program files\Innovative Solutions
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2010-01-18 13:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-01-18 13:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2009-01-10 20:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-15 00:16 . 2011-05-18 00:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2008-11-06 23:44 . 2008-11-06 23:44 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-06 23:44 . 2008-11-06 23:44 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-11-06 23:46 . 2008-11-06 23:46 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-01-26 18:23 . 2009-01-26 18:23 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" [2002-04-10 74240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\jkusano\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 15:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-09-30 23:01 16864768 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57945:TCP"= 57945:TCP:Pando Media Booster
"57945:UDP"= 57945:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"58281:TCP"= 58281:TCP:Pando Media Booster
"58281:UDP"= 58281:UDP:Pando Media Booster
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/18/2010 5:37 PM 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/6/2011 2:53 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/6/2011 2:53 PM 309848]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [8/17/2009 3:30 PM 9600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/10/2011 7:57 PM 116608]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [10/27/2008 6:03 PM 759072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/6/2011 2:53 PM 19544]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 151552]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 7:06 PM 14088]
S2 gupdate1c9afe93b2de8b8;Google Update Service (gupdate1c9afe93b2de8b8);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2009 5:07 PM 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/28/2009 5:55 PM 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2009 5:07 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 21:07]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 21:07]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003Core.job
- c:\documents and settings\jkusano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 00:06]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003UA.job
- c:\documents and settings\jkusano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 00:06]
.
2011-08-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=f4sbqg7rr3qop|http://groups.yahoo.com/group/HerndonRestonVAFreecycle/messages?o=1|http://washingtondc.craigslist.org/nva/zip/|http://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\jkusano\Application Data\Move Networks
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 10:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-26 10:36:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-26 14:35
ComboFix2.txt 2008-12-11 00:20
.
Pre-Run: 110,677,286,912 bytes free
Post-Run: 110,745,186,304 bytes free
.
- - End Of File - - 0A2B5AA8ECCB47EE35C6D6B58A77E8D5

redcar92
2011-08-28, 02:20
Greetings jkusano

Things are looking a lot better from this end. How is your pc behaving now? Are there any problems that we may have missed?

Next

Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
We only need the OTL.txt file
Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

jkusano
2011-08-28, 02:51
Bill: OK, I ran OTL and here's the OTLg.txt file:

OTL logfile created on: 8/27/2011 8:44:42 PM - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\jkusano\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.66% Memory free
3.35 Gb Paging File | 2.94 Gb Available in Paging File | 87.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 99.91 Gb Free Space | 21.45% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 101.50 Gb Free Space | 88.65% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 41.49 Gb Free Space | 13.92% Space Free | Partition Type: NTFS

Computer Name: DAD-NEW | User Name: jkusano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jkusano\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\11082701\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11082701\aswRep.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11082700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11082700\aswRep.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\ac3filter.acm ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (ISODisk) -- C:\WINDOWS\System32\drivers\ISODisk.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 A7 1F 02 59 3F 1B 49 88 92 43 7A F6 E3 DB E7 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ver"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ver"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb&clid=6423e0fea157460b93368a6e185c32e7&subid=1970&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=f4sbqg7rr3qop|http://groups.yahoo.com/group/HerndonRestonVAFreecycle/messages?o=1|http://washingtondc.craigslist.org/nva/zip/|http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.10
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53677
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\jkusano\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\jkusano\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jkusano\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jkusano\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\jkusano\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/06 14:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/21 15:15:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\jkusano\Application Data\Move Networks [2010/02/27 21:01:05 | 000,000,000 | ---D | M]

[2011/07/31 10:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Extensions
[2011/08/26 20:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions
[2011/06/25 14:14:06 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/04/27 18:05:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/01 20:51:24 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2009/12/05 19:05:43 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/01/29 11:40:22 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2011/05/30 07:21:54 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\extensions\rikaichan-jpen@polarcloud.com
[2011/07/31 08:52:49 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\searchplugins\SearchResults.xml
[2011/08/26 20:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/07 08:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/27 21:01:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\JKUSANO\APPLICATION DATA\MOVE NETWORKS
[2011/08/06 14:53:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/08/07 08:12:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/11/06 19:44:40 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/11/06 19:44:46 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/11/06 19:46:28 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/01/26 14:23:08 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/11/06 19:44:58 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/07 08:12:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/10/10 15:33:16 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak
[2011/07/31 08:52:49 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/08/26 10:29:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jkusano\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\jkusano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jkusano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/10 16:12:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/05 20:26:36 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/27 16:03:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/26 10:11:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/26 10:11:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/26 10:11:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/26 10:11:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/26 10:10:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/24 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\HJThis
[2011/08/24 15:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Start Menu\Programs\HiJackThis
[2011/08/21 15:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/20 14:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Monkey's Audio
[2011/08/20 14:07:41 | 000,446,464 | ---- | C] (Matthew T. Ashland) -- C:\WINDOWS\System32\MACDll.dll
[2011/08/20 14:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio
[2011/08/20 10:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/08/19 18:03:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/16 21:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Desktop\Antivirus-Tools
[2011/08/13 16:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\My Documents\My Library
[2011/08/13 16:32:24 | 000,057,436 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\DASShp.dll
[2011/08/13 16:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Reader
[2011/08/12 16:42:59 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/12 16:42:40 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/12 16:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Application Data\SUPERAntiSpyware.com
[2011/08/12 16:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/12 16:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/12 16:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/07 08:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/07 08:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/07 08:13:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/07 08:13:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/07 08:13:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/07 08:13:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/07 08:13:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/06 14:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/06 14:53:37 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/06 14:53:37 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/06 14:53:34 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/06 14:53:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/06 14:53:33 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/06 14:53:32 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/06 14:53:32 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/06 14:53:32 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/06 14:53:20 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/06 14:53:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/06 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/06 11:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/08/06 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/04 20:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Start Menu\Programs\Google Chrome
[2011/08/03 19:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/31 11:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/07/31 11:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/07/31 10:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/31 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Application Data\FreeBurner
[2011/07/31 08:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2011/07/30 14:53:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/30 14:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\My Documents\My Drivers
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkusano\Local Settings\Application Data\Innovative Solutions
[2011/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/07/30 10:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/07/30 10:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 002,179,807 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\Engagement_pictures.zip
[2049/12/31 16:00:00 | 002,115,837 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\card.jpg
[2011/08/27 20:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 20:11:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003UA.job
[2011/08/27 20:11:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003Core.job
[2011/08/27 14:32:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/27 14:31:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/27 14:31:43 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/08/27 14:31:09 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/27 14:30:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/27 14:30:42 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/27 11:33:14 | 000,245,248 | ---- | M] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/27 08:56:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/26 10:29:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/25 19:32:17 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\jkusano\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/25 19:32:16 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Google Chrome.lnk
[2011/08/21 15:15:49 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/20 13:16:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/20 13:16:04 | 000,071,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/20 10:11:23 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Shortcut to winamp.lnk
[2011/08/20 10:07:39 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/08/20 10:03:49 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\vlc-1.1.11-win32.exe
[2011/08/20 05:56:49 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\OverDrive Media Console.lnk
[2011/08/14 07:48:05 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/13 16:32:27 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Reader.lnk
[2011/08/13 14:18:48 | 012,081,326 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\bikemap_side2.pdf
[2011/08/13 09:25:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/13 08:42:22 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\jkusano\NTUSER.bak
[2011/08/12 18:41:05 | 000,435,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/12 18:41:05 | 000,068,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/07 08:12:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/07 08:12:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/07 08:12:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/07 08:12:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/07 08:12:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/06 14:53:38 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:53:33 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/06 14:33:43 | 000,005,000 | ---- | M] () -- C:\Documents and Settings\jkusano\My Documents\attach.zip
[2011/08/06 11:30:24 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\jkusano\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/31 17:25:38 | 000,000,362 | RHS- | M] () -- C:\boot.ini
[2011/07/31 11:03:03 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/07/31 08:53:06 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Free Easy Burner.lnk
[2011/07/30 15:00:34 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\jkusano\Desktop\Shortcut to ComboFix.exe.lnk

========== Files Created - No Company Name ==========

[2011/08/26 10:11:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/26 10:11:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/26 10:11:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/26 10:11:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/26 10:11:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/21 15:15:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/21 15:15:49 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/20 13:16:56 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/20 13:11:47 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/20 10:11:23 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\jkusano\Desktop\Shortcut to winamp.lnk
[2011/08/20 10:07:39 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/08/20 10:03:38 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\jkusano\Desktop\vlc-1.1.11-win32.exe
[2011/08/13 16:32:27 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Reader.lnk
[2011/08/13 16:32:24 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Reader.lnk
[2011/08/13 14:18:47 | 012,081,326 | ---- | C] () -- C:\Documents and Settings\jkusano\My Documents\bikemap_side2.pdf
[2011/08/06 14:53:38 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:33:43 | 000,005,000 | ---- | C] () -- C:\Documents and Settings\jkusano\My Documents\attach.zip
[2011/08/06 11:30:24 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\jkusano\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/04 20:06:59 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\jkusano\Desktop\Google Chrome.lnk
[2011/08/04 20:06:59 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\jkusano\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/04 20:06:29 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003UA.job
[2011/08/04 20:06:29 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003Core.job
[2011/07/31 11:03:03 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2011/07/30 15:00:34 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\jkusano\Desktop\Shortcut to ComboFix.exe.lnk
[2011/07/30 14:53:42 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/07/30 14:53:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/12 13:55:46 | 000,000,285 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/02/18 21:17:22 | 000,071,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/13 15:45:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2011/02/13 15:45:00 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/01/22 13:13:08 | 000,881,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/27 13:38:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2010/11/25 10:26:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/06 23:06:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/11/06 21:49:03 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/11/06 21:48:34 | 000,000,841 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/11/06 21:48:34 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/11/06 21:48:34 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/11/06 21:48:34 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/11/06 21:48:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010/11/06 21:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/11/06 21:45:06 | 000,027,513 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/12 09:24:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/10/19 14:25:08 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/23 07:17:30 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/08/17 15:30:23 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2009/08/15 20:06:36 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2009/08/09 19:53:42 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/01 17:21:33 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/01 16:55:55 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/28 17:53:13 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/05/28 17:52:28 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/03/07 16:28:46 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/02/08 17:43:57 | 000,008,179 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2009/01/19 14:08:36 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/19 14:08:36 | 000,686,085 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2009/01/19 14:08:36 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/01/19 14:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/01/19 14:08:36 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/01/19 14:08:36 | 000,054,919 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2009/01/11 16:09:47 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/10 22:02:34 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/10 21:37:15 | 000,245,248 | ---- | C] () -- C:\Documents and Settings\jkusano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 18:10:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/10 18:10:43 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/01/10 18:10:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/01/10 16:18:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/10 16:14:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/10 16:09:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/10 10:45:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/10 10:36:29 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/28 12:59:44 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/28 11:51:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 11:50:50 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 11:49:08 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/26 01:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/26 01:08:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/12/26 01:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/26 01:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/26 01:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/26 01:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/26 01:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/26 01:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/12 12:57:38 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/09 14:57:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 14:57:18 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 14:57:02 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 14:56:34 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/08 09:37:04 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 08:53:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/08 08:53:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/26 15:55:22 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 14:49:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/11/15 14:02:26 | 001,866,670 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/07/09 04:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/04/05 13:53:24 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2008/03/29 11:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 11:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 11:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 11:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 11:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 11:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 11:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 11:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 11:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 11:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 11:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 11:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 11:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 11:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/11/07 18:32:46 | 003,088,384 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-4.dll
[2005/11/04 22:57:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/09/12 23:09:34 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AvsRecursion.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/30 00:44:56 | 001,627,136 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2004/01/23 22:35:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2003/08/07 15:01:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/03/04 10:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/02/03 20:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/06 14:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/01/10 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/07/31 10:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/30 10:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/06/21 11:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/04/05 19:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/01/17 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/11/06 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/04 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/08/15 11:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/02/14 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
[2011/02/12 13:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/22 07:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/18 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\.minecraft
[2011/08/27 17:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Azureus
[2011/05/30 09:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Canon
[2011/07/31 08:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\FreeBurner
[2009/11/27 17:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\GARMIN
[2009/02/14 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\ICAClient
[2011/02/15 21:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\InfraRecorder
[2010/11/26 07:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Leadertech
[2009/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\MAGIX
[2009/08/08 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Megaupload
[2009/11/22 07:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\OverDrive
[2011/01/22 11:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Research In Motion
[2009/08/15 11:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\ScanSoft
[2010/11/26 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Seagate
[2009/02/14 17:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Seven Zip
[2009/08/02 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Sony
[2009/08/02 15:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\Sony Setup
[2010/12/27 13:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\TechWizard
[2009/01/26 14:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkusano\Application Data\webex
[2011/08/27 14:31:43 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >

redcar92
2011-08-28, 04:44
Greetings jkusano

Next
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 38 A7 1F 02 59 3F 1B 49 88 92 43 7A F6 E3 DB E7
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]



Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


Next
Open FireFox
Click on Tools on the Menu bar
Click on Options
Click on Advanced tool
Click on Network Tab
Click on Settings in the Connections box at the top
Click the top button No Proxy

Logs to post


OTL.txt
How is your PC running now?

jkusano
2011-08-28, 22:09
Bill: It's running very well, thank you. Thanks for all your help. One quick question: how do I use the Windows recovery option that I loaded prior to running ComboFix? This whole thing started when my Windows boot script was corrupted by a virus. I was able to repair that after several days without a computer. I'm thinking that this Windows recovery option that comes up prior to Windows booting up will help me if that ever happens again. Thanks again.

Here's the OTL.txt file:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jkusano
->Temp folder emptied: 3726146 bytes
->Temporary Internet Files folder emptied: 2580232 bytes
->Java cache emptied: 11513 bytes
->FireFox cache emptied: 94459179 bytes
->Google Chrome cache emptied: 343898580 bytes
->Flash cache emptied: 17595 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98866 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 56157923 bytes

Total Files Cleaned = 478.00 mb


OTL by OldTimer - Version 3.2.26.6 log created on 08282011_155805

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_830.dat moved successfully.

Registry entries deleted on Reboot...

redcar92
2011-08-28, 23:59
Greetings jkusano
Before you go just a couple of details to take care of.

Recovery Console is installed by ComboFix as a backup measure in the event your PC becomes unbootable. Here (http://support.microsoft.com/kb/307654) is a good article by MS on the installation and use of Recovery Console.

Next
Your Java appears to be down level.
Navigate to Control Panel then open Add Remove Programs.
Highlight each Java item listed then Remove or Uninstall.
Visit this site (http://www.java.com/en/download/index.jsp) to download and install the latest Java.

Now to clean up our tools a bit.
The following will implement some cleanup procedures as well as reset System Restore points:


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.


On your desktop, right click on aswMBR.exe and click Delete. Do the same for aswMBR.txt.

You should keep Malwarebytes and ESET scanner. Update and run these on a regular basis to keep your system running clean.

From the look of your logs, you are finally All Clean and the machine seems to be performing as it should. You know how much work and effort you've had to put into getting it back into working order, so hopefully you can impress upon the others who use this machine to be more careful.

For the future safety of this machine and your data, try to ensure they sit down and read the following threads: (it won't take them very long)

Cracked/Illegal Software (http://www.techsupportforum.com/f50/cracked-illegal-software-248501.html)

Perils of P2P File Sharing (http://www.techsupportforum.com/f50/perils-of-p2p-file-sharing-305923.html)

Think Prevention (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)

If there aren't any more problems, we have some final housekeeping to tend to now.

To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

* Microsoft Windows Update - http://www.windowsupdate.com (http://www.windowsupdate.com/)
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

* SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
o SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

* WOT (http://www.mywot.com/), Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
o Green to go
o Yellow for caution
o Red to stop
WOT has an addon available for both Firefox and IE.


* Scan here http://secunia.com/software_inspector/ (http://secunia.com/software_inspector/) for out of date & vulnerable common applications on your computer

Thanks for your patience and hard work.
Please post any questions, concerns or issues now as this thread will close in a few days.