Win32.ClickPotatoLite got it - NEED HELP REMOVING

rookyboy
2012-02-12, 16:08
Hello

Ran Spybot-S&D "Check for Problems" and Win32.ClickPotatoLite appeared on the results page. Ran the fix and it wasn't removed.

ERUNT - Ran and installed; FORGOT to ONLY choose "System registry" and DID NOT untoggle "Current User Registry" before clicking OK

DDS log - attempted to run it, but it did not work.

TeaTimer - unchecked "Resident TeaTimer"

Spybot-S&D Log - (pasted only the top part of results below)
Win32.ClickPotatoLite: [SBI $F8133F18] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}

I hope that I've done everything that I've needed to in creating this new thread. I have spent nearly 3 hrs with this issue, getting to this point.

I'm a real novice with any of this computer stuff and don't understand most of the computer jargon, so please be patient with me.

Your help and services are greatly appreciated!

Thank you in advance for your help!

ken545
2012-02-18, 21:58


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs on Vista or Windows 7, you need to right-click the program and select RUN AS ADMINISTRATOR


Let's see if these will run


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click Save Log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

rookyboy
2012-02-19, 05:41
Thanks ken545!

Did as you instructed and posted results below.

HOWEVER, when I ran the OTL, no Extras.TXT notepad window came up, and it was not located on the C drive in the OTL file either.

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 20:19:00
-----------------------------
20:19:00.052 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:00.052 Number of processors: 4 586 0x170A
20:19:00.068 ComputerName: HARDT-HOME-PC UserName: Milo Hardt
20:19:01.409 Initialize success
20:19:16.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:19:16.190 Disk 0 Vendor: WDC_WD10EADS-65M2B0 01.00A01 Size: 953869MB BusType: 3
20:19:16.190 Disk 0 MBR read successfully
20:19:16.205 Disk 0 MBR scan
20:19:16.205 Disk 0 unknown MBR code
20:19:16.205 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:19:16.205 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942905 MB offset 206848
20:19:16.236 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10862 MB offset 1931276288
20:19:16.252 Service scanning
20:19:23.756 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:19:30.354 Modules scanning
20:19:30.354 Disk 0 trace - called modules:
20:19:30.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys
20:19:30.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077b0060]
20:19:30.401 3 CLASSPNP.SYS[fffff880019b343f] -> nt!IofCallDriver -> [0xfffffa80070ddd10]
20:19:30.417 5 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070e2060]
20:19:30.417 Scan finished successfully
20:19:41.898 Disk 0 MBR has been saved successfully to "C:\Users\Milo Hardt\Desktop\MBR.dat"
20:19:41.898 The log file has been saved successfully to "C:\Users\Milo Hardt\Desktop\aswMBR.txt"



OTL logfile created on: 2/18/2012 8:30:55 PM - Run 3
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Milo Hardt\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.91% Memory free
15.93 Gb Paging File | 13.79 Gb Available in Paging File | 86.59% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 858.05 Gb Free Space | 93.18% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.52 Gb Free Space | 14.30% Space Free | Partition Type: NTFS

Computer Name: HARDT-HOME-PC | User Name: Milo Hardt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Milo Hardt\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/26 19:39:07 | 000,435,366 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14980 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 20:06:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/15 20:23:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 20:23:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 20:23:06 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 20:23:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 20:23:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 20:23:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 20:23:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 20:23:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 20:23:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 20:23:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 20:23:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 20:02:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 20:02:18 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 20:02:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 20:01:31 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/12 06:14:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/12 06:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/12 05:39:50 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\Desktop\ALL DESKTOP
[2012/02/11 05:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/09 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{B77C2D6C-57EC-41AE-85BF-003787D96790}
[2012/02/09 21:17:55 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{00BA94CA-B743-4969-A9D5-0534B8EB80B9}
[2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Roaming\Windows Live Writer
[2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\Windows Live Writer
[2012/02/09 21:15:00 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{8EAC654E-06DA-4828-98BD-CB0B8E91FF55}
[2012/02/09 21:14:47 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{9F71BCD5-63A6-4B7F-A2F0-E774A61434AF}
[2012/01/31 18:19:50 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 18:19:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 18:19:50 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 18:19:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 18:19:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/31 18:19:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[1 C:\Users\Milo Hardt\Documents\*.tmp files -> C:\Users\Milo Hardt\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 20:19:41 | 000,000,512 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\MBR.dat
[2012/02/18 20:16:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 20:16:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 20:09:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/18 20:09:05 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 08:58:42 | 000,746,934 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/18 08:58:42 | 000,629,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/18 08:58:42 | 000,108,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 04:55:30 | 000,436,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 20:28:02 | 000,743,718 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/12 06:13:36 | 000,001,070 | ---- | M] () -- C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 06:13:19 | 000,000,890 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\NTREGOPT.lnk
[2012/02/12 06:13:19 | 000,000,871 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\ERUNT.lnk
[2012/02/11 05:25:40 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMilo Hardt.job
[1 C:\Users\Milo Hardt\Documents\*.tmp files -> C:\Users\Milo Hardt\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 20:19:41 | 000,000,512 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\MBR.dat
[2012/02/12 06:13:36 | 000,001,070 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 06:13:19 | 000,000,890 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\NTREGOPT.lnk
[2012/02/12 06:13:19 | 000,000,871 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\ERUNT.lnk
[2011/11/20 16:13:15 | 002,710,180 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0625.JPG
[2011/06/02 12:13:45 | 000,003,584 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 15:34:50 | 000,001,854 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\GhostObjGAFix.xml
[2011/04/09 11:34:40 | 002,783,557 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0046.JPG
[2011/04/09 08:03:42 | 003,020,900 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0068.JPG
[2011/04/02 06:16:19 | 000,407,664 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010135.JPG
[2011/03/02 04:15:49 | 000,411,537 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010129.JPG
[2011/01/27 15:56:52 | 000,746,934 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/08 08:35:04 | 000,646,959 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpGATE.0
[2011/01/08 08:35:04 | 000,509,658 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpGATE.JPG
[2010/12/31 10:30:43 | 002,728,672 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0014.JPG
[2010/12/31 10:20:00 | 002,770,979 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0011.JPG
[2010/12/28 09:33:29 | 000,000,268 | RH-- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\vhosts
[2010/12/28 09:33:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2010/12/28 09:33:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/28 09:31:29 | 000,000,268 | RH-- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\manual
[2010/12/28 09:31:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2010/12/28 09:31:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/26 08:58:55 | 000,434,264 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010116.JPG
[2010/11/21 10:48:35 | 000,144,364 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpBRAKE PADS EBC.JPG
[2010/11/13 13:00:09 | 000,422,805 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010108.JPG
[2010/10/24 09:47:02 | 000,427,405 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010093.JPG
[2010/10/24 09:45:32 | 000,427,111 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010098.JPG
[2010/10/24 09:44:54 | 000,434,975 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010095.JPG
[2010/10/17 09:56:57 | 000,428,767 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010087.JPG
[2010/09/18 14:58:25 | 000,430,749 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010046.0
[2010/09/18 14:58:25 | 000,140,488 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010046.JPG
[2010/08/14 19:23:09 | 000,652,799 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP5090168.0
[2010/08/14 19:23:09 | 000,507,631 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP5090168.JPG
[2010/08/14 19:20:42 | 000,705,410 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140194.JPG
[2010/08/14 19:18:36 | 000,699,902 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140195.JPG
[2010/08/14 19:18:01 | 000,725,967 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140196.JPG
[2010/08/14 19:13:45 | 000,448,766 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP6010188.JPG
[2010/08/14 19:13:44 | 000,666,530 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP6010188.0
[2010/07/30 08:56:12 | 000,000,228 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\wklnhst.dat
[2010/07/29 07:37:14 | 000,427,548 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010201.JPG
[2010/07/25 10:11:16 | 000,441,698 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010130.JPG
[2010/07/25 10:08:22 | 000,428,522 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010159.JPG
[2010/07/25 10:07:03 | 000,646,087 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4100140.JPG
[2010/07/25 10:02:25 | 000,430,241 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010125.JPG
[2010/07/25 09:59:52 | 000,645,888 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4110155.JPG
[2010/07/25 09:58:38 | 000,689,734 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4110146.JPG
[2010/07/25 09:57:56 | 000,688,881 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4100133.JPG
[2010/07/25 09:54:28 | 000,426,121 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010139.JPG
[2010/07/25 09:53:22 | 000,170,526 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010151_CROP.JPG
[2010/07/25 09:52:51 | 000,421,651 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010151.JPG
[2010/07/19 08:47:07 | 000,412,791 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010010.0
[2010/07/19 08:47:07 | 000,192,713 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010010.JPG
[2010/07/19 08:46:48 | 000,431,429 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010012.0
[2010/07/19 08:46:48 | 000,132,589 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010012.JPG
[2010/07/04 11:08:41 | 000,428,687 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010001.JPG
[2010/07/02 07:00:21 | 000,416,427 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010186.JPG
[2010/07/02 06:58:50 | 000,018,996 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpMUG SHOT.JPG
[2010/07/02 06:47:58 | 000,478,955 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpCANYON JUNE 2010 7.JPG
[2010/07/02 06:10:00 | 002,413,878 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpIMG_0018[1].0
[2010/07/02 06:10:00 | 001,085,043 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpIMG_0018[1].JPG
[2010/07/02 05:48:59 | 000,425,775 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010199.JPG
[2010/07/02 05:40:59 | 000,425,726 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010198.JPG
[2010/06/30 12:50:50 | 000,274,268 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.2
[2010/06/30 12:50:49 | 000,273,663 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.1
[2010/06/30 12:50:46 | 000,425,973 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.0
[2010/06/30 12:50:19 | 000,092,675 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196_CROP.JPG
[2010/06/30 12:50:19 | 000,092,567 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196_CROP.0
[2010/06/30 12:12:52 | 000,314,409 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010195.JPG
[2010/06/30 12:12:51 | 000,432,577 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010195.0
[2010/05/22 08:56:21 | 000,408,859 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010121.JPG
[2010/05/20 13:02:51 | 000,443,327 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010084.JPG
[2010/05/20 13:02:51 | 000,400,013 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010084.0
[2010/04/03 16:19:41 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/02 15:23:26 | 000,401,222 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010045.JPG
[2010/04/02 15:23:26 | 000,008,853 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010045_navi.JPG
[2010/04/02 15:22:33 | 000,257,005 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010047.JPG
[2010/03/20 14:41:36 | 000,415,997 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010047.0
[2010/03/20 08:40:34 | 000,201,574 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010105.JPG
[2010/03/20 08:40:34 | 000,200,480 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010105.0
[2010/03/18 10:21:27 | 000,224,464 | ---- | C] () -- C:\Windows\hpwins19.dat

========== LOP Check ==========

[2010/09/26 09:36:48 | 000,000,000 | -HSD | M] -- C:\Users\Milo Hardt\AppData\Roaming\.#
[2010/03/07 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\InterTrust
[2010/12/28 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\Nikon
[2010/02/23 17:20:45 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\PictureMover
[2010/11/25 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\Template
[2010/03/10 19:32:31 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\WinBatch
[2012/02/09 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\Milo Hardt\AppData\Roaming\Windows Live Writer
[2011/05/31 10:41:05 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/11 15:19:09 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

rookyboy
2012-02-19, 05:46
Forgot to mention this to you!

Just this last Thurs. (after my original post on Sunday morning) there were some "automatic updates" that were downloaded. I don't know if this would have an impact on the original ERUNT etc. items that I put in this thread when I started it.

Thanks again. Your help is greatly appreciated!!

ken545
2012-02-19, 11:48
Good Morning,

Are all these that I am looking at pictures put there by yourself?
C:\Users\Milo Hardt\AppData\Local\tmpP6010188.JPG



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

rookyboy
2012-02-19, 13:28
As to the pictures question: The only pictures that have been saved to this computer should have been saved in the "My Pictures" folder.

NOTE:
I could not find any "Remove Selected" after scanning with the newly downloaded Malwarebytes.

However, when I clicked on the Quarantine section there is the following: "Hijack.Displa... Registry Data HKLM\SOFTWARE\Microsoft\Windows\Current..."
I cannot read the entire item, but I don't think it should be on my computer. Should I "delete" this quarantined item?

Below are the pasted results of the Malwarebytes Quick Scan that I ran.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Milo Hardt :: HARDT-HOME-PC [administrator]

2/19/2012 4:03:04 AM
mbam-log-2012-02-19 (04-03-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227991
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ken545
2012-02-19, 14:28
Anything in Quarantine you can get rid of.


You need to download the 64bit version of System Look


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
ClickPotatoLite
:folderfind
ClickPotatoLite
:Regfind
ClickPotatoLite

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

rookyboy
2012-02-20, 01:45
When I go to all three of the links and attempt to download the 64bit version of System Look I get the exact same response when I click on LOOK. A box with an "X" out red circle and "Script required!" pops up!

The download seems to be on my computer in downloads folder, but it does not want to run!

rookyboy
2012-02-20, 01:47
The box that appears also says "System Look - Error" at the top.

ken545
2012-02-20, 04:06
You need to download it to your desktop, then right click on it and select RUN AS ADMINISTRATOR

rookyboy
2012-02-20, 14:58
Thanks for your patience with me ken545.

I’m still having difficulty getting SystemLook to work properly.

I can see several of the downloaded application files in my downloads folder and on my desktop, but I’m still getting the same error message I was before. When I right-click on the downloaded SystemLook icon and attempt to “Run as Administrator”, the exact same thing happens: I end up with the SystemLook – Error box and the request for Script needed!

Whenever I click on the links to download SystemLook, the following happens:

1. A rectangular popup trimmed in yellow appears at the bottom of the page that says: “Do you want to run or save SystemLook.exe (161 KB) from jpshortstuff.247fixes.com?” with the following three options to choose from - Run Save Cancel

2. Then, regardless if I choose either Run or Save, the following happens:

3. In the same rectangular popup window the following appears for just a few seconds, “Running security scan…”

4. Then, in the same rectangular popup window at the bottom of the page (only this time it’s trimmed in red with the little “x” out red shield) it says, “SystemLook_x64.exe is not commonly downloaded and could harm your computer.” with the following three options to choose from - Delete Actions View downloads

5. Regardless of which path I take, Actions or View downloads, I am still getting the same results when the popup saying LOOK or EXIT comes up and I click on LOOK; SystemLook – Error box with Script needed!

I can see several icons for SystemLook on my computer, both on the desktop and in the downloads folder, but none will work.

I sure hope you can understand what I’ve just written here. I’ve tried my best to explain all the details.

Thanks again for being patient with me as I’m a real goober with all this computer stuff!

ken545
2012-02-20, 19:24
Why don't you go ahead and run Spybot and save the log and post it for me to see

rookyboy
2012-02-23, 03:58
Ok ken545!

Below is the report after I did my SpyBot scan!

Thanks!!



Search result list ---
Win32.ClickPotatoLite: [SBI $F8133F18] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}

Right Media: Tracking cookie (Internet Explorer: Milo Hardt) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-03-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-02-07 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2012-01-24 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-02-07 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-01-17 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-02-07 Includes\TrojansC-02.sbi (*)
2012-02-03 Includes\TrojansC-03.sbi (*)
2012-01-30 Includes\TrojansC-04.sbi (*)
2012-01-30 Includes\TrojansC-05.sbi (*)
2012-02-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ MSXML4SP3: Security update for MSXML4 SP3 (KB973685)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: 505F022493D471025ADD399A4162208B

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 1F3FF6C062B311FE410EC89F6BFAC213

Located: HK_LM:Run, ArcSoft Connection Service
command: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
file: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 207424
MD5: A7810B302294793DE88542AAE177D1B1

Located: HK_LM:Run, HP Remote Solution
command: %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
file: C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
size: 656896
MD5: 47DCE3A2FE0B34DD9F01EB4037303A3E

Located: HK_LM:Run, HP Software Update
command: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
file: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
size: 54576
MD5: 5516C26A6AF8EB4E2CAB48EC98A74398

Located: HK_LM:Run, hpqSRMon
command: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
file: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
size: 150528
MD5: 72860972F8196EBB3C896F53D2B95470

Located: HK_LM:Run, hpsysdrv
command: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
file: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
size: 62768
MD5: 554A50B5310E702029D3A675459108FF

Located: HK_LM:Run, InstaLAN
command: "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
file: C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
size: 1770400
MD5: 4614C7847FC7457E578466FCAEBBA744

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 444EB38A256BE60F2013488C49D2AB3F

Located: HK_LM:Run, Nikon Transfer Monitor
command: C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
file: C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
size: 479232
MD5: 0408F0E5C0411B11B9502D957BCE15E1

Located: HK_LM:Run, PMBVolumeWatcher
command: C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
file: C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
size: 600928
MD5: AC32E0F47BB9083BB4164171A4C562A2

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 6E3245DF783E58375B3465F03274743E

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, HPADVISOR
where: S-1-5-21-2206206495-3188505993-3120083476-1001...
command: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
file: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
size: 1685048
MD5: A5F78606A9BA8F0C4C8FF9DED6ED5107

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
size: 270336
MD5: E986D1068AEF099CA3BE2AEAB4C8D643

Located: Startup (common), PictureMover.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
file: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
size: 430080
MD5: B00743B9009BD4104C34DD0C09D49DD1

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
file: C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (user), OneNote 2010 Screen Clipper and Launcher.lnk
where: C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
file: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
size: 227712
MD5: 043FE3C9088BEADC6A9FFC033C84F20F



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 7/28/2008 3:47:40 AM
Date (last access): 3/18/2010 10:28:34 AM
Date (last write): 7/28/2008 3:47:40 AM
Filesize: 882416
Attributes: archive
MD5: 6A2E0E49A4F2A9DF3E6293E37E7486BD
CRC32: F6C7B4F3
Version: 2008.7.28.1

{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 10/22/2009 5:29:58 AM
Date (last access): 4/3/2010 4:19:56 PM
Date (last write): 10/22/2009 5:29:58 AM
Filesize: 328248
Attributes: archive
MD5: 972F4608E0BA74BE1DB448947E5A9822
CRC32: C87DAD78
Version: 132.0.55458.0

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 1/3/2012 8:16:38 AM
Date (last access): 1/17/2012 4:19:10 AM
Date (last write): 1/3/2012 8:16:38 AM
Filesize: 61888
Attributes: archive
MD5: 2CBCA94ABCCB2B79E4693BA0E4FC85BE
CRC32: 7D28B444
Version: 9.5.0.270

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/3/2012 8:16:32 AM
Date (last access): 1/17/2012 4:19:10 AM
Date (last write): 1/3/2012 8:16:32 AM
Filesize: 75200
Attributes: archive
MD5: 1F9B3487739B31C3D770728CB157A54D
CRC32: 3F012C08
Version: 9.5.0.270

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 3/3/2010 6:57:10 PM
Date (last access): 3/3/2010 6:57:10 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2010 2:08:38 PM
Date (last access): 1/6/2011 4:03:34 PM
Date (last write): 9/21/2010 2:08:38 PM
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0

{9FDDE16B-836F-4806-AB1F-1455CBEFF289} (Windows Live Messenger Companion Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Messenger Companion Helper
Path: C:\Program Files (x86)\Windows Live\Companion\
Long name: companioncore.dll
Short name: COMPAN~1.DLL
Date (created): 11/10/2010 2:07:26 AM
Date (last access): 4/3/2011 9:57:04 AM
Date (last write): 11/10/2010 2:07:26 AM
Filesize: 393600
Attributes: archive
MD5: 47BDBCE3E2D819B17AB9FA4539B9DF71
CRC32: 420F228A
Version: 15.4.3508.1109

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~2\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 12/21/2010 1:05:22 AM
Date (last access): 12/6/2011 6:00:58 AM
Date (last write): 12/21/2010 1:05:22 AM
Filesize: 561552
Attributes: archive
MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
CRC32: CEA4973B
Version: 14.0.6015.1000

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Microsoft Live Search Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Microsoft Live Search Toolbar Helper
Path: c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 7/16/2009 12:35:18 PM
Date (last access): 12/4/2009 7:17:24 PM
Date (last write): 7/16/2009 12:35:18 PM
Filesize: 82784
Attributes: archive
MD5: 9C89890FCB4256C7B64583939536CC66
CRC32: 73097536
Version: 3.0.566.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 10/18/2011 6:05:34 PM
Date (last access): 10/31/2011 7:20:26 PM
Date (last write): 10/18/2011 6:05:34 PM
Filesize: 42272
Attributes: archive
MD5: DC365B6E595683F67BC21A203432E336
CRC32: ADEC3F07
Version: 6.0.290.11

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (SingleInstance Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SingleInstance Class
Path: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\
Long name: YTSingleInstance.dll
Short name: YTSING~1.DLL
Date (created): 7/28/2008 3:47:42 AM
Date (last access): 3/18/2010 10:28:34 AM
Date (last write): 7/28/2008 3:47:42 AM
Filesize: 160496
Attributes: archive
MD5: F64C4241FE5E519F62C47C361DC671D7
CRC32: 5F6F96A7
Version: 2008.7.28.1

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 10/22/2009 5:29:56 AM
Date (last access): 4/3/2010 4:19:56 PM
Date (last write): 10/22/2009 5:29:56 AM
Filesize: 517688
Attributes: archive
MD5: 4743B45C41BE35709F81BEC62FDA0AA0
CRC32: CC2D5870
Version: 132.0.55458.0



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 6/21/2010 6:14:54 AM
Date (last access): 10/3/2011 6:11:30 AM
Date (last write): 10/3/2011 5:06:06 AM
Filesize: 108320
Attributes: archive
MD5: F4AE1B6811B4E7B3F9B5C7F0FE76BBFC
CRC32: 0F37B160
Version: 6.0.290.11

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 6/21/2010 6:14:54 AM
Date (last access): 10/3/2011 6:11:30 AM
Date (last write): 10/3/2011 5:06:06 AM
Filesize: 108320
Attributes: archive
MD5: F4AE1B6811B4E7B3F9B5C7F0FE76BBFC
CRC32: 0F37B160
Version: 6.0.290.11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 10/3/2011 6:11:40 AM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11



--- Process list ---
PID: 0 ( 0) [System]
PID: 3320 (2884) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
size: 1685048
MD5: A5F78606A9BA8F0C4C8FF9DED6ED5107
PID: 3360 (2884) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
size: 270336
MD5: E986D1068AEF099CA3BE2AEAB4C8D643
PID: 3436 (2884) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
size: 227712
MD5: 043FE3C9088BEADC6A9FFC033C84F20F
PID: 3572 (3340) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
size: 62768
MD5: 554A50B5310E702029D3A675459108FF
PID: 3580 (3340) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
size: 656896
MD5: 47DCE3A2FE0B34DD9F01EB4037303A3E
PID: 3588 (3340) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
size: 54576
MD5: 5516C26A6AF8EB4E2CAB48EC98A74398
PID: 3608 (3340) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 207424
MD5: A7810B302294793DE88542AAE177D1B1
PID: 3640 (3608) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
size: 309824
MD5: F400694D7D2785F60133C20F7F2F4F7A
PID: 3660 (3340) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
size: 479232
MD5: 0408F0E5C0411B11B9502D957BCE15E1
PID: 3716 (3340) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
size: 1770400
MD5: 4614C7847FC7457E578466FCAEBBA744
PID: 3724 (3340) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
size: 600928
MD5: AC32E0F47BB9083BB4164171A4C562A2
PID: 3752 (3340) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 6E3245DF783E58375B3465F03274743E
PID: 3764 (3340) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 444EB38A256BE60F2013488C49D2AB3F
PID: 3944 (3716) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
size: 7034272
MD5: 21933A00587BC50B224555EA1AF608B1
PID: 3956 (3716) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
size: 1658272
MD5: 0DAED67E1B0FBC6EDA44E42EE4EB50D4
PID: 4172 (3360) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
size: 168960
MD5: F12FF2ECB2F6F7D9C5062D67D8334AE9
PID: 4256 ( 736) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
size: 559104
MD5: 0335B80F0C3F3D2BE9E1F34292A33D98
PID: 4688 ( 736) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
size: 362496
MD5: 883008A9B5BFF94A153D99DBA54CB5C1
PID: 4908 (2884) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 4996 (4932) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
size: 210216
MD5: 66275E52615AF9D2F18EB3442D00CFE3
PID: 5008 (4908) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 4624 ( 736) c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe
size: 130400
MD5: 2C723617B41F50553A43F1BD9E633725
PID: 2488 (2884) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4660 (4908) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 6080 (4908) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 4 ( 0) System
PID: 292 ( 4) smss.exe
PID: 444 ( 372) csrss.exe
PID: 504 ( 372) wininit.exe
size: 96256
PID: 524 ( 512) csrss.exe
PID: 568 ( 512) winlogon.exe
PID: 616 ( 504) services.exe
PID: 624 ( 504) lsass.exe
PID: 632 ( 504) lsm.exe
PID: 736 ( 616) svchost.exe
size: 20992
PID: 812 ( 616) svchost.exe
size: 20992
PID: 876 ( 616) MsMpEng.exe
PID: 956 ( 616) svchost.exe
size: 20992
PID: 1012 ( 616) svchost.exe
size: 20992
PID: 312 ( 616) svchost.exe
size: 20992
PID: 1048 ( 616) svchost.exe
size: 20992
PID: 1204 ( 616) svchost.exe
size: 20992
PID: 1388 ( 616) spoolsv.exe
PID: 1416 ( 616) svchost.exe
size: 20992
PID: 1572 ( 616) ACService.exe
PID: 1736 ( 616) BelkinService.exe
PID: 1844 ( 616) AppleMobileDeviceService.exe
PID: 1896 ( 616) BkBackupScheduler.exe
PID: 1924 ( 616) Bkapcs.exe
PID: 1948 ( 616) mDNSResponder.exe
PID: 1992 ( 616) svchost.exe
size: 20992
PID: 2020 ( 616) HPDrvMntSvc.exe
PID: 1104 ( 616) svchost.exe
size: 20992
PID: 1184 ( 616) LSSrvc.exe
PID: 1512 ( 616) svchost.exe
size: 20992
PID: 1212 ( 616) PMBDeviceInfoProvider.exe
PID: 1636 ( 616) svchost.exe
size: 20992
PID: 1604 ( 616) svchost.exe
size: 20992
PID: 1444 ( 616) WLIDSVC.EXE
PID: 1792 ( 616) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2120 (1444) WLIDSVCM.EXE
PID: 2496 ( 616) NisSrv.exe
PID: 2688 ( 616) svchost.exe
size: 20992
PID: 2796 (1012) WUDFHost.exe
PID: 3052 ( 616) C:\Windows\System32\taskhost.exe
PID: 2760 (1012) C:\Windows\System32\dwm.exe
PID: 2884 (2768) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 3180 (2884) C:\Windows\System32\hkcmd.exe
PID: 3212 (2884) C:\Windows\System32\igfxpers.exe
PID: 3236 ( 736) C:\Windows\System32\igfxsrvc.exe
PID: 3252 (2884) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
size: 610360
MD5: A5E7025E2B9FFD21956CD5D3E08BFE0D
PID: 3312 (2884) C:\Program Files\Microsoft Security Client\msseces.exe
size: 1436736
MD5: 649760A96BF5F9869F3040673900334F
PID: 3832 ( 616) PresentationFontCache.exe
PID: 3892 (3716) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
size: 1287680
MD5: 0D888305ECDF5B64612880464D3D29F0
PID: 1084 ( 616) iPodService.exe
PID: 3224 ( 616) SearchIndexer.exe
size: 427520
PID: 3684 ( 616) wmpnetwk.exe
PID: 4456 ( 616) svchost.exe
size: 20992
PID: 4932 ( 312) C:\Windows\System32\taskeng.exe
size: 192000
MD5: 4F2659160AFCCA990305816946F69407
PID: 4724 ( 736) dllhost.exe
size: 7168
PID: 6000 ( 616) HPSA_Service.exe
PID: 5216 ( 616) IntuitUpdateService.exe
PID: 5276 ( 616) TrustedInstaller.exe
PID: 5100 ( 616) svchost.exe
size: 20992


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2/22/2012 6:55:30 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://g.msn.com/HPDSK/1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://g.msn.com/HPDSK/1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://g.msn.com/HPDSK/1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 5: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 6: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 8: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

ken545
2012-02-23, 04:10
Hi,

Let's try this

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses


:OTL



:Services

:Reg
[-HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

rookyboy
2012-02-23, 13:48
Alright ken545, the scans worked fine and the results are posted below!

Should I notice any changes to my computer as a result of what has been done??

Thanks!!



CUSTOM SCAN

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419EDA30-6DFF-432C-B534-E15D899ABEE4}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Milo Hardt\Downloads\cmd.bat deleted successfully.
C:\Users\Milo Hardt\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Milo Hardt
->Temp folder emptied: 72327184 bytes
->Temporary Internet Files folder emptied: 393679561 bytes
->Java cache emptied: 2240986 bytes
->Flash cache emptied: 2252 bytes

User: Morgon Hardt
->Temp folder emptied: 18024202 bytes
->Temporary Internet Files folder emptied: 105665038 bytes
->Flash cache emptied: 28456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 605498 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 565.00 mb


OTL by OldTimer - Version 3.2.33.0 log created on 02232012_042846

Files\Folders moved on Reboot...
File\Folder C:\Users\Milo Hardt\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\MJR78N2Q\g5mPLpUUfWZedgC8tYtBm28It3lt1Jx-1lkP9-La0xsCqaceJlC8kMdSuazPejMEVCs6dzMjG-GdYpXXr2ybmo2IMWemZpU8Zbms0kSWYrlYb89PJRjrWScYb6rudt3Lft1gy5i4PYOd1kdaTj4_d9pK1vW_RyDR7A,,[1].css not found!
File\Folder C:\Users\Milo Hardt\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\MJR78N2Q\p1_RRvg6ud2IcpMZpZVuss8Ar0IYIbn7QeS1kQ0h7wlXW7_igqZxmub3uPXBUuu_KpkoLJCaTSjVEKTsXagNjZRq_u1RB8MozXugWJJyu8VwJj0Xr55dIC7JKtViPtIyOV8Osew5U2zGedJHoidBazZclfgBa6-KAw,,[1].css not found!
File\Folder C:\Users\Milo Hardt\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\MJR78N2Q\uBGkd3e-4gzv-E7PIeP8ezbFCK75f0oFn7ujjOjOAzO4tm4J6Bg4E6chgZ-pYtndAr5upTv6w9pX91-w0pr9_BoDrl1j-pVKscLR71b_6R7tSShuQaxQeooUsmu-1BgS9AoubGe3hPcDXBQ312eJa3UnLI2V9hvgzoKE[1].css not found!
File\Folder C:\Users\Milo Hardt\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E0FHWE23\Qxd9mgoo-D4zaS4N-cSl8Q1q-dYBSgxkuSwixosR073YczHrMBi0XH5J9CHAFqS6xsihra8bZiUzelXzmchrBeH-i0qovZm2L4CCpb9k0XtSJ3MDPuj31JORENEl4NSsuKXYb45zttLuG-MK2tl4IqW7R0775BX04FJg,[1].js not found!
File\Folder C:\Users\Milo Hardt\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\38P8Y11R\ie33cpgj6dhi.ver.33.app.62dhh6thj8cb3.ver.28.app.64p33climcphh.ver.18.app.66c1j6ph68ohn.ver.13.app.66c9i6pj32d33.ver.11.app.6ae32cgp68pb6.ver.19.app.6cdj26sq3cdb6.ver[1].8 not found!
File\Folder C:\Users\Milo Hardt\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\38P8Y11R\QelvCIVfaTmnYa1xUAZH7QPE2fwtWbC25_-oCK6s5vAFAeVDDRNIWjXHn6ANP30zBC9Xb23hQRPhlbJKp545Sxpn9D7moGmcujlleUKpEA3G-2KcOZ-SEdKTjhHa1l1xI8t-XbsghBW3s-N6SxvN388hiIZ0_S-mrePb[1].css not found!
C:\Users\Milo Hardt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Milo Hardt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Milo Hardt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQN101FN\showthread[1].htm moved successfully.

Registry entries deleted on Reboot...




NEW OTL SCAN

OTL logfile created on: 2/23/2012 4:36:08 AM - Run 4
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Milo Hardt\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.95% Memory free
15.93 Gb Paging File | 14.14 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 858.79 Gb Free Space | 93.26% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.52 Gb Free Space | 14.30% Space Free | Partition Type: NTFS

Computer Name: HARDT-HOME-PC | User Name: Milo Hardt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Milo Hardt\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Milo Hardt\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/23 04:28:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 04:28:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/17 20:06:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/15 20:23:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 20:23:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 20:23:06 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 20:23:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 20:23:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 20:23:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 20:23:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 20:23:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 20:23:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 20:23:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 20:23:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 20:02:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 20:02:18 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 20:02:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 20:01:31 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/12 06:14:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/12 06:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/12 05:39:50 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\Desktop\ALL DESKTOP
[2012/02/11 05:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/09 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{B77C2D6C-57EC-41AE-85BF-003787D96790}
[2012/02/09 21:17:55 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{00BA94CA-B743-4969-A9D5-0534B8EB80B9}
[2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Roaming\Windows Live Writer
[2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\Windows Live Writer
[2012/02/09 21:15:00 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{8EAC654E-06DA-4828-98BD-CB0B8E91FF55}
[2012/02/09 21:14:47 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{9F71BCD5-63A6-4B7F-A2F0-E774A61434AF}
[2012/01/31 18:19:50 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 18:19:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 18:19:50 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 18:19:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 18:19:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/31 18:19:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[1 C:\Users\Milo Hardt\Documents\*.tmp files -> C:\Users\Milo Hardt\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/23 04:32:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/23 04:32:39 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 04:28:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/23 04:25:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 04:25:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 05:14:07 | 000,165,376 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\SystemLook_x64.exe
[2012/02/19 04:01:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 20:19:41 | 000,000,512 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\MBR.dat
[2012/02/18 08:58:42 | 000,746,934 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/18 08:58:42 | 000,629,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/18 08:58:42 | 000,108,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 04:55:30 | 000,436,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 20:28:02 | 000,743,718 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/12 06:13:36 | 000,001,070 | ---- | M] () -- C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 06:13:19 | 000,000,890 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\NTREGOPT.lnk
[2012/02/12 06:13:19 | 000,000,871 | ---- | M] () -- C:\Users\Milo Hardt\Desktop\ERUNT.lnk
[2012/02/11 05:25:40 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMilo Hardt.job
[1 C:\Users\Milo Hardt\Documents\*.tmp files -> C:\Users\Milo Hardt\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 05:04:49 | 000,165,376 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\SystemLook_x64.exe
[2012/02/19 04:01:54 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 20:19:41 | 000,000,512 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\MBR.dat
[2012/02/12 06:13:36 | 000,001,070 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 06:13:19 | 000,000,890 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\NTREGOPT.lnk
[2012/02/12 06:13:19 | 000,000,871 | ---- | C] () -- C:\Users\Milo Hardt\Desktop\ERUNT.lnk
[2011/11/20 16:13:15 | 002,710,180 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0625.JPG
[2011/06/02 12:13:45 | 000,003,584 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 15:34:50 | 000,001,854 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\GhostObjGAFix.xml
[2011/04/09 11:34:40 | 002,783,557 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0046.JPG
[2011/04/09 08:03:42 | 003,020,900 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0068.JPG
[2011/04/02 06:16:19 | 000,407,664 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010135.JPG
[2011/03/02 04:15:49 | 000,411,537 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010129.JPG
[2011/01/27 15:56:52 | 000,746,934 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/08 08:35:04 | 000,646,959 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpGATE.0
[2011/01/08 08:35:04 | 000,509,658 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpGATE.JPG
[2010/12/31 10:30:43 | 002,728,672 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0014.JPG
[2010/12/31 10:20:00 | 002,770,979 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpDSCN0011.JPG
[2010/12/28 09:33:29 | 000,000,268 | RH-- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\vhosts
[2010/12/28 09:33:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2010/12/28 09:33:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/28 09:31:29 | 000,000,268 | RH-- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\manual
[2010/12/28 09:31:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2010/12/28 09:31:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/26 08:58:55 | 000,434,264 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010116.JPG
[2010/11/21 10:48:35 | 000,144,364 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpBRAKE PADS EBC.JPG
[2010/11/13 13:00:09 | 000,422,805 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010108.JPG
[2010/10/24 09:47:02 | 000,427,405 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010093.JPG
[2010/10/24 09:45:32 | 000,427,111 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010098.JPG
[2010/10/24 09:44:54 | 000,434,975 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010095.JPG
[2010/10/17 09:56:57 | 000,428,767 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010087.JPG
[2010/09/18 14:58:25 | 000,430,749 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010046.0
[2010/09/18 14:58:25 | 000,140,488 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010046.JPG
[2010/08/14 19:23:09 | 000,652,799 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP5090168.0
[2010/08/14 19:23:09 | 000,507,631 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP5090168.JPG
[2010/08/14 19:20:42 | 000,705,410 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140194.JPG
[2010/08/14 19:18:36 | 000,699,902 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140195.JPG
[2010/08/14 19:18:01 | 000,725,967 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP8140196.JPG
[2010/08/14 19:13:45 | 000,448,766 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP6010188.JPG
[2010/08/14 19:13:44 | 000,666,530 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP6010188.0
[2010/07/30 08:56:12 | 000,000,228 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Roaming\wklnhst.dat
[2010/07/29 07:37:14 | 000,427,548 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010201.JPG
[2010/07/25 10:11:16 | 000,441,698 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010130.JPG
[2010/07/25 10:08:22 | 000,428,522 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010159.JPG
[2010/07/25 10:07:03 | 000,646,087 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4100140.JPG
[2010/07/25 10:02:25 | 000,430,241 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010125.JPG
[2010/07/25 09:59:52 | 000,645,888 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4110155.JPG
[2010/07/25 09:58:38 | 000,689,734 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4110146.JPG
[2010/07/25 09:57:56 | 000,688,881 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP4100133.JPG
[2010/07/25 09:54:28 | 000,426,121 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010139.JPG
[2010/07/25 09:53:22 | 000,170,526 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010151_CROP.JPG
[2010/07/25 09:52:51 | 000,421,651 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010151.JPG
[2010/07/19 08:47:07 | 000,412,791 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010010.0
[2010/07/19 08:47:07 | 000,192,713 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010010.JPG
[2010/07/19 08:46:48 | 000,431,429 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010012.0
[2010/07/19 08:46:48 | 000,132,589 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010012.JPG
[2010/07/04 11:08:41 | 000,428,687 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010001.JPG
[2010/07/02 07:00:21 | 000,416,427 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010186.JPG
[2010/07/02 06:58:50 | 000,018,996 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpMUG SHOT.JPG
[2010/07/02 06:47:58 | 000,478,955 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpCANYON JUNE 2010 7.JPG
[2010/07/02 06:10:00 | 002,413,878 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpIMG_0018[1].0
[2010/07/02 06:10:00 | 001,085,043 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpIMG_0018[1].JPG
[2010/07/02 05:48:59 | 000,425,775 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010199.JPG
[2010/07/02 05:40:59 | 000,425,726 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010198.JPG
[2010/06/30 12:50:50 | 000,274,268 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.2
[2010/06/30 12:50:49 | 000,273,663 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.1
[2010/06/30 12:50:46 | 000,425,973 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196.0
[2010/06/30 12:50:19 | 000,092,675 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196_CROP.JPG
[2010/06/30 12:50:19 | 000,092,567 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010196_CROP.0
[2010/06/30 12:12:52 | 000,314,409 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010195.JPG
[2010/06/30 12:12:51 | 000,432,577 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010195.0
[2010/05/22 08:56:21 | 000,408,859 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010121.JPG
[2010/05/20 13:02:51 | 000,443,327 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010084.JPG
[2010/05/20 13:02:51 | 000,400,013 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010084.0
[2010/04/03 16:19:41 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/02 15:23:26 | 000,401,222 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010045.JPG
[2010/04/02 15:23:26 | 000,008,853 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010045_navi.JPG
[2010/04/02 15:22:33 | 000,257,005 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010047.JPG
[2010/03/20 14:41:36 | 000,415,997 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010047.0
[2010/03/20 08:40:34 | 000,201,574 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010105.JPG
[2010/03/20 08:40:34 | 000,200,480 | ---- | C] () -- C:\Users\Milo Hardt\AppData\Local\tmpP1010105.0
[2010/03/18 10:21:27 | 000,224,464 | ---- | C] () -- C:\Windows\hpwins19.dat

< End of report >
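As an added illustration (not part of the original post, and not OTL's or ComboFix's own code), a small Python triage pass over OTL-style lines like the ones in the report above: it flags the UAC policy values an analyst checks first (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop set to 0), Run entries with no file behind them, orphaned BHO/toolbar entries and MountPoints2 AutoRun commands. The sample lines are copied from the report above; the severity labels are this example's own choice.

```python
"""Triage pass over OTL-style log lines (added example, not OTL's own code).

Flags the entries an analyst reading the report above would look at first:
UAC policy values of 0, Run entries with no file behind them, orphaned
BHO/toolbar entries and MountPoints2 AutoRun commands. Severity labels are
this example's own choice, not anything OTL emits.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Finding:
    section: str   # OTL section tag, e.g. "O6"
    severity: str  # "high" | "medium" | "low"
    detail: str


# "O6 - ..." or "O20:64bit: - ..." -> (section, rest of line)
O_LINE = re.compile(r"^(O\d+)(?::64bit:)?\s*-\s*(.*)$")
# "...policies\System: EnableLUA = 0" -> (value name, numeric value)
POLICY = re.compile(r"policies\\System:\s*(\w+)\s*=\s*(\d+)")
# '...MountPoints2\<volume>\Shell\AutoRun\command - "" = <cmd>'
MOUNTPOINT_CMD = re.compile(
    r'MountPoints2\\(.+?)\\Shell\\AutoRun\\command\s*-\s*""\s*=\s*(.+)$')

# UAC policy values that weaken elevation when set to 0
UAC_ZERO_IS_BAD = {
    "EnableLUA": ("high", "UAC is disabled outright"),
    "ConsentPromptBehaviorAdmin": ("high", "admins elevate without any prompt"),
    "PromptOnSecureDesktop": ("medium", "elevation prompts not on the secure desktop"),
}


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    m = O_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section == "O4" and body.endswith("File not found"):
        return Finding(section, "low", "Run entry with no file behind it: " + body)

    if section == "O6":
        pm = POLICY.search(body)
        if pm and pm.group(1) in UAC_ZERO_IS_BAD and pm.group(2) == "0":
            sev, why = UAC_ZERO_IS_BAD[pm.group(1)]
            return Finding(section, sev, f"{pm.group(1)} = 0: {why}")

    if section == "O33":
        mm = MOUNTPOINT_CMD.search(body)
        if mm:
            return Finding(section, "medium",
                           f"AutoRun command cached for volume {mm.group(1)}: {mm.group(2)}")

    if section in ("O2", "O3", "O21") and "No CLSID value found" in body:
        return Finding(section, "low", "Orphaned COM reference: " + body)

    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in map(triage_line, lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample lines copied from the OTL report in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{c6088bf5-fc58-11de-8f84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```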

ken545
2012-02-23, 14:24
No, this does not change anything. Scan with Spybot and see if clickpotato is gone.

rookyboy
2012-02-24, 03:13
Ran the Spybot scan and clickpotato is still there.

So too in right media.

ken545
2012-02-24, 03:46
Ok, let's try this

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

rookyboy
2012-02-24, 14:35
ComboFix 12-02-24.01 - Milo Hardt 02/24/2012 5:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.5902 [GMT -7:00]
Running from: c:\users\Milo Hardt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Milo Hardt\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Milo Hardt\AppData\Roaming\.#
c:\users\Milo Hardt\Documents\~WRL2323.tmp
c:\users\MILOHA~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_259cd897-76bc-49a7-8e7c-14aab8fab77e\HP.ActiveCheckLocalMode.Ccl.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 12:22 . 2012-02-24 12:22 -------- d-----w- c:\users\Morgon Hardt\AppData\Local\temp
2012-02-24 12:22 . 2012-02-24 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 09:14 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D3DD14C-CB4C-48A1-AE28-A7878CC64928}\mpengine.dll
2012-02-23 11:28 . 2012-02-23 11:28 -------- d-----w- C:\_OTL
2012-02-18 03:06 . 2012-02-18 03:06 -------- d-----w- c:\windows\Sun
2012-02-16 03:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 03:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 03:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 03:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 03:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 03:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 03:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 13:13 . 2012-02-12 13:13 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-11 12:40 . 2012-02-11 12:40 -------- d-----w- c:\windows\system32\Macromed
2012-02-11 12:37 . 2012-02-11 12:37 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DCE70A0-AF51-4290-A5DF-49603CB8A76E}\gapaengine.dll
2012-02-10 04:17 . 2012-02-10 04:17 -------- d-----w- c:\users\Milo Hardt\AppData\Local\Windows Live Writer
2012-02-10 04:17 . 2012-02-10 04:17 -------- d-----w- c:\users\Milo Hardt\AppData\Roaming\Windows Live Writer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 09:58 . 2012-02-24 09:58 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-08 07:13 . 2010-12-02 11:42 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-02-24 00:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 11:46 . 2011-02-06 05:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-10 22:24 . 2010-03-04 01:51 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 12:52 . 2010-12-31 17:26 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-30 1770400]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-18 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\HPCeeScheduleForMilo Hardt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-02-24 05:30:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 12:30
.
Pre-Run: 921,948,770,304 bytes free
Post-Run: 921,443,176,448 bytes free
.
- - End Of File - - AEFA13EC204C011A106B854E380E865B

ken545
2012-02-24, 16:52
Hi,

Right Media is a tracking cookie; when you remove it, it may just come back. If you block all cookies, you may not be able to get into some websites, so just use Spybot to remove them now and then.


Let's run this through OTL

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses


:OTL
O3 - HKU\S-1-5-21-2206206495-3188505993-3120083476-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

:Services

:Reg

:Files
:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Then try running System Look in Safemode

:filefind
ClickPotatoLite
:folderfind
ClickPotatoLite
:Regfind
ClickPotatoLite
To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot up, tap the F8 KEY somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

rookyboy
2012-02-25, 04:15
Going well!

Below is the OTL Custom Scan/Fixes log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2206206495-3188505993-3120083476-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Milo Hardt
->Temp folder emptied: 204738 bytes
->Temporary Internet Files folder emptied: 42376864 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Morgon Hardt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4045 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


OTL by OldTimer - Version 3.2.33.0 log created on 02242012_181045

Files\Folders moved on Reboot...
C:\Users\Milo Hardt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Milo Hardt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Milo Hardt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQ22JE3\showthread[1].htm moved successfully.

Registry entries deleted on Reboot...


The computer automatically rebooted after this scan, and I did the OTL Run Scan; that log is pasted below.


OTL logfile created on: 2/24/2012 7:05:13 PM - Run 5
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Milo Hardt\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 4.26 Gb Available Physical Memory | 53.53% Memory free
15.93 Gb Paging File | 11.61 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 858.23 Gb Free Space | 93.20% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.52 Gb Free Space | 14.30% Space Free | Partition Type: NTFS

Computer Name: HARDT-HOME-PC | User Name: Milo Hardt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Milo Hardt\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Milo Hardt\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 16:19:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/24 05:24:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Milo Hardt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 17:29:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/24 05:30:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/24 05:17:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/24 05:17:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/24 05:17:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/24 05:17:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 05:16:51 | 004,419,010 | R--- | C] (Swearware) -- C:\Users\Milo Hardt\Desktop\ComboFix.exe
[2012/02/23 04:28:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/17 20:06:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/15 20:23:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 20:23:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 20:23:06 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 20:23:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 20:23:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 20:23:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 20:23:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 20:23:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 20:23:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 20:23:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 20:23:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 20:02:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 20:02:18 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 20:02:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 20:01:31 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/12 06:14:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/12 06:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/12 05:39:50 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\Desktop\ALL DESKTOP
[2012/02/11 05:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/09 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{B77C2D6C-57EC-41AE-85BF-003787D96790}
[2012/02/09 21:17:55 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Local\{00BA94CA-B743-4969-A9D5-0534B8EB80B9}
[2012/02/09 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Milo Hardt\AppData\Roaming\Windows Live Writer


I will now reboot my computer in Safe Mode and attempt to run System Look.

Thanks a BUNCH!!

rookyboy
2012-02-25, 04:28
Ok ken545.

I rebooted the computer in Safe Mode and attempted to run System Look.

Same results as before.

Still getting the System Error Script required box when I hit the Look button.

Dang it!

ken545
2012-02-25, 04:37
Try running this tool first and then give System Look another shot, but what I would do first is drag System Look to the trash and redownload a fresh copy. Make sure you use the 64-bit version and try using Firefox to download it in lieu of IE.


Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

rookyboy
2012-02-27, 14:29
I ran SpyBot again and potatolite was gone. We must have been successful.

I have one last question for you, if you please.

I currently run Malwarebytes and Spybot regularly on my computer (usually once a week), and I also have Microsoft Essentials, too. I do not have any other security/anti-virus programs on my computer. Years ago I tried Norton Utilities on an older computer and it slowed the thing down something terrible. I eventually took it off the computer.

Would you recommend that I put an antivirus program on this computer, and which one would you recommend? I'm running Windows 7 on an HP p6267c computer.

Thank you so very much ken545, as your help has been stupendous!! :thanks:

Have an outstanding day! :2thumb:

ken545
2012-02-27, 19:08
Hi,

Microsoft Essentials <-- This actually is a nice program, and along with Spybot and Malwarebytes you should be ok. ME includes Anti Virus, so no, do not install another one. You can upgrade to the Pro version of Malwarebytes; it includes a Protection module that will prevent most bad sites from loading. The cost is minimal, but this of course is up to you.


Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken