
Thread: My giftload.click problem woops

  1. #1
    Member
    Join Date
    Mar 2011
    Posts
    30

    Default My giftload.click problem woops

    Hello- I seem to have gotten this terrible infection yesterday. I think I picked it up from a Google image result page when I visited a wallpapers page but didn't download anything intentionally. I saw a pop-up and tried to click No but I think I clicked the wrong button when going too quickly. I aborted the install process, I thought, but not fast enough.

    I have a C drive with opsys and regular files but I also use 2 other internal drives in RAID1

    Windows Vista Business SP1
    I use only firefox for browsing- no IE
    I used IOLO System mechanic pro 10 on startup with all features enabled.
    I have SpybotSD
    I have Spyware doctor.

    I checked the FAQs and downloaded Erunt and DDS
    Erunt seems to have made a backup OK but after trying to run DDS, the txt I see is just full of garbled characters.

    I have my laptop running also but they do not share drives and I have not used a thumbdrive at all this week.

    Any help is appreciated.

    Here is my Spybot log file from my last run an hour ago.
    I am on Eastern time US

    --- Search result list ---
    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-03-29 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2011-03-08 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-02-24 Includes\Malware.sbi (*)
    2011-03-22 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-03-22 Includes\TrojansC-02.sbi (*)
    2011-03-03 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-03-21 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


    --- Startup entries list ---
    Located: HK_LM:Run, Conime
    command: %windir%\system32\conime.exe
    file: C:\Windows\system32\conime.exe
    size: 69120
    MD5: F96EBC5A624349D81DCC7600A3C5DC43

    Located: HK_LM:Run, Corel File Shell Monitor
    command: C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    file: C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    size: 16712
    MD5: B4A8BA5ABF4BDBE0171ED23F7535654A

    Located: HK_LM:Run, EKIJ5000StatusMonitor
    command: C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    file: C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    size: 1638400
    MD5: A3CF6E5E3AF52AEC92551A6D4F011C3D

    Located: HK_LM:Run, HDAudDeck
    command: C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    file: C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    size: 15519744
    MD5: 01BE90D0E016D674D1DD4A26387EDECE

    Located: HK_LM:Run, iolo Startup
    command: "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
    file: C:\Program Files\iolo\Common\Lib\ioloLManager.exe
    size: 434360
    MD5: 48536B1B118F6AFD39DB547947AE83AD

    Located: HK_LM:Run, ISTray
    command: "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
    file: C:\Program Files\PC Tools Security\pctsGui.exe
    size: 1589208
    MD5: 79F731182BB91E6BEE76803BF968C4AA

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 421160
    MD5: 2DFCB2393528446AEB9FB861A8FC39AB

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    file: C:\Windows\system32\NvCpl.dll
    size: 13535776
    MD5: 7522597DD61F651A95A471D798E08304

    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

    Located: HK_CU:Run, Irocamodetak
    where: S-1-5-21-522819725-4015885625-1306769688-1000...
    command: rundll32.exe "C:\Users\1\AppData\Local\mscluay.dll",Startup
    file: "C:\Users\1\AppData\Local\mscluay.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {D4027C7F-154A-4066-A1AD-4243D8127440} (Ask Toolbar BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Ask Toolbar BHO
    CLSID name:

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 9/15/2010 7:20:48 AM
    Date (last access): 11/19/2010 1:16:04 PM
    Date (last write): 9/15/2010 7:20:48 AM
    Filesize: 41760
    Attributes: archive
    MD5: 3F59EDE1444C14CFBAA15C7EBBFE6196
    CRC32: 847C94E6
    Version: 6.0.220.4



    --- ActiveX list ---
    {483EB14D-AF1C-4951-81B0-4E2B41829FF6} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase: https://www.select2perform.com/cabs/QOLCheck.ocx

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_22
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 11/18/2010 4:16:58 PM
    Date (last access): 9/15/2074 5:52:30 AM
    Date (last write): 9/15/2010 5:50:40 AM
    Filesize: 108320
    Attributes: archive
    MD5: 6A25F175BC9D7709ABEA66086489121D
    CRC32: 3BFA8F9A
    Version: 6.0.220.4

    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_05
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_05.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 11/18/2010 4:16:58 PM
    Date (last access): 9/15/2074 5:52:30 AM
    Date (last write): 9/15/2010 5:50:40 AM
    Filesize: 108320
    Attributes: archive
    MD5: 6A25F175BC9D7709ABEA66086489121D
    CRC32: 3BFA8F9A
    Version: 6.0.220.4

    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_22
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 11/18/2010 4:16:58 PM
    Date (last access): 9/15/2074 5:52:30 AM
    Date (last write): 9/15/2010 5:50:40 AM
    Filesize: 108320
    Attributes: archive
    MD5: 6A25F175BC9D7709ABEA66086489121D
    CRC32: 3BFA8F9A
    Version: 6.0.220.4

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_22
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_22.dll
    Short name: NPJPI1~1.DLL
    Date (created): 9/15/2010 3:29:52 AM
    Date (last access): 9/15/2074 5:52:42 AM
    Date (last write): 9/15/2010 5:50:46 AM
    Filesize: 141088
    Attributes: archive
    MD5: AFB7EFCDE5277F6514EF0E9FF8D8D862
    CRC32: 2A43B8CC
    Version: 6.0.220.4



    --- Process list ---
    PID: 2128 (2076) C:\Program Files\PC Tools Security\pctsGui.exe
    size: 1589208
    MD5: 79F731182BB91E6BEE76803BF968C4AA
    PID: 2816 (1120) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 59903071D7ACE6A02093C47E9E38AF97
    PID: 4040 (2136) C:\Windows\Explorer.EXE
    size: 2927104
    MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
    PID: 2668 (1140) C:\Windows\system32\wuauclt.exe
    size: 53472
    MD5: 62BB79160F86CD962F312C68C6239BFD
    PID: 2900 (4040) C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
    PID: 4084 (4040) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    size: 15519744
    MD5: 01BE90D0E016D674D1DD4A26387EDECE
    PID: 3540 (4040) C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    size: 16712
    MD5: B4A8BA5ABF4BDBE0171ED23F7535654A
    PID: 3204 (4040) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    size: 1638400
    MD5: A3CF6E5E3AF52AEC92551A6D4F011C3D
    PID: 3848 (4040) C:\Program Files\iTunes\iTunesHelper.exe
    size: 421160
    MD5: 2DFCB2393528446AEB9FB861A8FC39AB
    PID: 3168 (4040) C:\Windows\System32\rundll32.exe
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A
    PID: 3712 (4040) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 912344
    MD5: 0F3FA9FDB976C567EC0491685CF4FDF7
    PID: 4056 (2904) C:\Windows\system32\taskeng.exe
    size: 171520
    MD5: EAFB5897AC9CD84890171AC38862320F
    PID: 5440 (2904) C:\Windows\system32\wuauclt.exe
    size: 53472
    MD5: 62BB79160F86CD962F312C68C6239BFD
    PID: 5248 (4040) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 468 ( 4) smss.exe
    size: 64000
    PID: 560 ( 548) csrss.exe
    size: 6144
    PID: 608 ( 548) wininit.exe
    size: 96768
    PID: 616 ( 600) csrss.exe
    size: 6144
    PID: 652 ( 608) services.exe
    size: 279040
    PID: 664 ( 608) lsass.exe
    size: 9728
    PID: 672 ( 608) lsm.exe
    size: 229888
    PID: 700 ( 600) winlogon.exe
    size: 314880
    PID: 860 ( 652) svchost.exe
    size: 21504
    PID: 912 ( 652) nvvsvc.exe
    size: 118784
    PID: 940 ( 652) svchost.exe
    size: 21504
    PID: 1016 ( 652) svchost.exe
    size: 21504
    PID: 1088 ( 652) svchost.exe
    size: 21504
    PID: 1120 ( 652) svchost.exe
    size: 21504
    PID: 1288 (1088) audiodg.exe
    size: 88064
    PID: 1316 ( 652) svchost.exe
    size: 21504
    PID: 1380 ( 652) SLsvc.exe
    size: 2623488
    PID: 1440 ( 652) svchost.exe
    size: 21504
    PID: 1528 ( 912) rundll32.exe
    size: 44544
    PID: 1592 ( 652) svchost.exe
    size: 21504
    PID: 1864 ( 652) spoolsv.exe
    size: 126464
    PID: 1904 ( 652) svchost.exe
    size: 21504
    PID: 528 ( 652) AppleMobileDeviceService.exe
    PID: 524 ( 652) mDNSResponder.exe
    PID: 1516 ( 652) ekdiscovery.exe
    PID: 1408 ( 652) svchost.exe
    size: 21504
    PID: 1644 ( 652) PsiService_2.exe
    PID: 2060 ( 652) pctsAuxs.exe
    PID: 2076 ( 652) pctsSvc.exe
    PID: 2168 ( 652) svchost.exe
    size: 21504
    PID: 2196 ( 652) vsedsps.exe
    PID: 2252 ( 652) svchost.exe
    size: 21504
    PID: 2312 ( 652) SearchIndexer.exe
    size: 302080
    PID: 2344 ( 652) vseamps.exe
    PID: 2448 ( 652) SDWinSec.exe
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2548 (1120) WUDFHost.exe
    size: 142336
    PID: 2528 ( 652) iPodService.exe
    PID: 2904 ( 652) svchost.exe
    size: 21504
    PID: 4504 (2904) taskeng.exe
    size: 171520
    PID: 5688 (2904) taskeng.exe
    size: 171520
    PID: 4460 (4040) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 912344
    MD5: 0F3FA9FDB976C567EC0491685CF4FDF7
    PID: 5168 (2312) SearchProtocolHost.exe
    size: 179200
    PID: 4224 (2312) SearchFilterHost.exe
    size: 76800


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 3/30/2011 4:22:06 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Protocol 0: iolo System Shield over [MSAFD Tcpip [TCP/IP]]
    GUID: {675963A8-C019-4E5C-B384-3311400E063C}
    Filename: C:\Windows\system32\iavlsp.dll

    Protocol 1: iolo System Shield over [MSAFD Tcpip [UDP/IP]]
    GUID: {2E3F279E-FE22-4166-A228-DAF44EB32487}
    Filename: C:\Windows\system32\iavlsp.dll

    Protocol 2: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 7: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 8: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 11: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 12: iolo System Shield
    GUID: {4BBEB896-088E-44CB-A88F-193AD0CCABEC}
    Filename: C:\Windows\system32\iavlsp.dll

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9591D242-AFC1-4FB2-804F-63B35A98AE69}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9591D242-AFC1-4FB2-804F-63B35A98AE69}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{44E983D2-22F1-4957-80A8-3D098BC11B18}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{44E983D2-22F1-4957-80A8-3D098BC11B18}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8140FCBC-F926-41EB-BE7F-D03644C5AC3B}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8140FCBC-F926-41EB-BE7F-D03644C5AC3B}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9591D242-AFC1-4FB2-804F-63B35A98AE69}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9591D242-AFC1-4FB2-804F-63B35A98AE69}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 4: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 5: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 6: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please







    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Mar 2011
    Posts
    30

    Default

    Hi Ken! Thanks for helping.
    I ran ATF cleaner like you asked.

    I ran Malwarebytes after that. Here is the results log from that scan...
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6221

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19019

    3/30/2011 9:12:13 PM
    mbam-log-2011-03-30 (21-12-13).txt

    Scan type: Quick scan
    Objects scanned: 141146
    Time elapsed: 5 minute(s), 35 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\Windows\System32\config\systemprofile\AppData\Local\eba.exe (Trojan.Agent) -> 2088 -> Unloaded process successfully.
    c:\Windows\System32\config\systemprofile\AppData\Local\eba.exe (Trojan.Agent) -> 4116 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Irocamodetak (Trojan.Hiloti.Gen) -> Value: Irocamodetak -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\config\systemprofile\AppData\Local\eba.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\1\AppData\Local\mscluay.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
    c:\Users\1\local settings\application data\mscluay.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.


    I am going to run OTL now since you asked that I post this log result and then mentioned the OTL scan in your instructions.
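The Malwarebytes log above shows why this infection kept coming back: besides the `Irocamodetak` Run value, the `exefile` open command was changed to `"C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*`, so every `.exe` launched on the machine was handed to `eba.exe` first, which then started the real program. A command stored directly under `HKCR\.exe\shell\open\command` (MBAM's `Hijack.ExeFile`) overrides the `exefile` one in the same way. As an added example (not part of the original post, nor Malwarebytes' code), here is a Python check that classifies `shell\open\command` values against the defaults MBAM prints in its `Good:` fields. The status names and the MBAM line parser are mine; the sample is the four registry lines from the log above. On a live Windows box the same `assess_open_command` could be fed values read with `winreg`, but the example stays offline.

```python
"""Classify shell\\open\\command values against their Windows defaults."""
import re

# Default 'open' verbs, as Malwarebytes prints them in the 'Good:' fields above.
EXPECTED_OPEN_COMMAND = {
    "exefile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

def split_command(value):
    """Tokenise a command string, keeping quoted paths with spaces intact."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', value)]

def assess_open_command(progid, value):
    """Compare one ProgID's open command with its default.

    Statuses (my naming): ok; modified (same program, different arguments);
    interposed (a different program runs first and is handed the original
    target, the shape of the exefile hijack above); extension-override (a
    command stored under the extension key itself, e.g. HKCR\\.exe, which
    takes precedence over the ProgID's command and should not exist at all).
    """
    if progid.startswith("."):
        return {"progid": progid, "status": "extension-override", "value": value}
    expected = EXPECTED_OPEN_COMMAND.get(progid)
    if expected is None:
        return {"progid": progid, "status": "unknown-progid", "value": value}
    got, want = split_command(value), split_command(expected)
    if [t.lower() for t in got] == [t.lower() for t in want]:
        return {"progid": progid, "status": "ok", "value": value}
    result = {"progid": progid, "status": "modified", "value": value, "expected": expected}
    if got and got[0].lower() != want[0].lower():
        result["status"] = "interposed"
        result["interposer"] = got[0]   # the binary that now runs before/instead of the target
    return result

# One MBAM registry line; the Bad:/Good: pair is absent on Hijack.ExeFile lines.
MBAM_LINE = re.compile(
    r"HKEY_CLASSES_ROOT\\([.\w]+)\\shell\\open\\command\\\(default\)"
    r"(?:.*?Bad: \((.*?)\) Good: \((.*?)\))?"
)

def parse_mbam_open_commands(log_text):
    """Map ProgID (or extension key) -> the 'Bad:' value from MBAM's report.

    Lines without a Bad:/Good: pair are kept with value None so that an
    extension-key override is still flagged.
    """
    return {m.group(1): m.group(2) for m in MBAM_LINE.finditer(log_text)}

def audit(snapshot):
    return {pid: assess_open_command(pid, val or "") for pid, val in snapshot.items()}

# The four registry lines from the Malwarebytes log posted above.
MBAM_EXCERPT = r"""
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for finding in audit(parse_mbam_open_commands(MBAM_EXCERPT)).values():
        print(finding)
```

Two points a practitioner takes from this. First, the `exefile` interposer is why deleting `eba.exe` or the Run value alone would not have helped, and why the order matters: if the binary is removed while the handler still points at it, Windows cannot start any `.exe` until the `"%1" %*` default is restored, so the handler fix and the file removal have to happen together, which is what MBAM did. Second, a non-default value is not proof of malware by itself (the `NOTEPAD.EXE %1` values for `.scr` and `.reg` are classified as interposed here too), so the classification tells you what to look at, not what to conclude.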

  4. #4
    Member
    Join Date
    Mar 2011
    Posts
    30

    Default

    Hi Ken, here is my OTL log...standing by.

    OTL logfile created on: 3/30/2011 9:28:53 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\1\Desktop
    Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 49.44 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
    Drive J: | 464.84 Gb Total Space | 283.30 Gb Free Space | 60.95% Space Free | Partition Type: NTFS

    Computer Name: DAVESBIGMACHINE | User Name: 1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\1\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
    PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
    PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
    PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
    PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
    PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
    PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
    PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
    PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\1\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)


    ========== Win32 Services (SafeList) ==========

    SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
    SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
    SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
    SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
    SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
    SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
    SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
    SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
    DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
    DRV - (FileDisk) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
    DRV - (AMP) -- C:\Windows\System32\drivers\amp.sys (Authentium, Inc)
    DRV - (AMPSE) -- C:\Windows\System32\drivers\ampse.sys (Authentium, Inc)
    DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (nsiproxy) -- C:\Windows\System32\drivers\nsiproxy.sys ()
    DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
    DRV - (SI3114r) -- C:\Windows\system32\DRIVERS\SI3114r.sys (Silicon Image, Inc)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C EB 20 59 84 C8 CB 01 [binary data]
    IE - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
    FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
    FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
    FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
    FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 23:09:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 23:09:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/02/18 16:17:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/03/07 23:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Extensions
    [2011/02/18 16:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/03/07 23:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
    [2011/03/30 14:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions
    [2010/11/18 00:14:03 | 000,000,000 | ---D | M] (Map This) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
    [2010/11/21 01:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/08 00:10:40 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2011/02/09 14:38:50 | 000,000,000 | ---D | M] ("Gmail Checker") -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
    [2011/03/29 19:19:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/03/12 14:20:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/11/18 00:16:51 | 000,000,000 | ---D | M] (Zoom toolbar) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
    [2011/03/29 19:19:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\foxmarks@kei.com
    [2011/03/25 16:19:58 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\piclens@cooliris.com
    [2011/03/25 16:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\piclens@cooliris.com-trash
    [2011/01/26 13:54:53 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\printpdf@pavlov.net
    [2011/03/22 09:59:34 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6bl6f5bf.default\extensions\screencaptureelite@plugin
    [2011/02/09 14:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/18 16:17:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/19 13:17:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/03/07 23:04:02 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
    [2011/03/07 23:04:02 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
    [2011/03/07 23:04:02 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
    [2011/03/07 23:04:01 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    [2011/03/07 23:04:01 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
    [2011/03/07 23:04:01 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
    [2011/03/07 23:04:01 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
    [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/03/29 23:30:54 | 000,431,419 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 14852 more lines...
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
    O13 - gopher Prefix: missing
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*
    O35 - HKU\S-1-5-21-522819725-4015885625-1306769688-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/30 21:04:30 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Malwarebytes
    [2011/03/30 21:04:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/30 21:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/30 21:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/30 21:04:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/30 21:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/30 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\1\Desktop\insightdesk
    [2011/03/30 20:47:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe
    [2011/03/30 20:45:24 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\1\Desktop\ATF-Cleaner.exe
    [2011/03/30 15:55:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/30 15:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/03/30 15:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/03/30 07:22:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/03/29 23:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/03/29 23:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/03/29 23:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/03/29 20:34:56 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
    [2011/03/29 20:34:56 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
    [2011/03/29 20:34:55 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2011/03/29 20:34:55 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2011/03/29 20:34:52 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2011/03/29 20:34:52 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2011/03/29 20:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2011/03/29 20:34:43 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2011/03/29 20:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/03/29 20:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/03/29 20:15:36 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\A73E968968A3CE87240B6191056A7C13
    [2011/03/16 18:26:56 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offreg.dll
    [2011/03/09 10:06:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/03/09 10:06:14 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
    [2011/03/09 10:06:13 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2011/03/09 10:06:13 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
    [2011/03/08 16:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [2011/03/08 16:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
    [2011/03/08 16:07:46 | 004,537,088 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Users\1\Desktop\duplicate-file-finder-setup.exe
    [2011/03/07 23:04:22 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Greyfirst
    [2011/03/07 23:04:22 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Greyfirst
    [2011/03/07 23:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
    [2011/03/07 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Celtx
    [2011/03/02 17:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/30 21:21:14 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/30 21:21:14 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/30 21:16:48 | 000,000,448 | ---- | M] () -- C:\Windows\System32\iolo.ini
    [2011/03/30 21:16:27 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/30 21:16:20 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/30 21:16:20 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/30 21:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/30 21:15:59 | 2144,493,568 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/30 21:12:04 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/30 21:04:47 | 000,009,946 | -HS- | M] () -- C:\Users\1\AppData\Local\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
    [2011/03/30 21:04:25 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/30 20:53:29 | 000,009,954 | -HS- | M] () -- C:\ProgramData\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
    [2011/03/30 20:47:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe
    [2011/03/30 20:45:25 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\1\Desktop\ATF-Cleaner.exe
    [2011/03/30 20:43:36 | 000,001,356 | ---- | M] () -- C:\Users\1\AppData\Local\d3d9caps.dat
    [2011/03/30 17:28:04 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/03/30 15:55:32 | 000,000,746 | ---- | M] () -- C:\Users\1\Desktop\ERUNT.lnk
    [2011/03/30 15:23:08 | 000,625,664 | ---- | M] () -- C:\Users\1\Desktop\dds.scr
    [2011/03/29 23:30:54 | 000,431,419 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/29 23:29:36 | 000,431,419 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110329-233054.backup
    [2011/03/29 20:35:15 | 001,772,938 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/03/25 18:05:16 | 000,002,121 | ---- | M] () -- C:\Users\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
    [2011/03/15 15:24:20 | 000,087,688 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
    [2011/03/15 15:23:32 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
    [2011/03/15 15:23:26 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
    [2011/03/15 15:21:16 | 002,234,552 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator.dll
    [2011/03/15 12:10:27 | 002,503,745 | ---- | M] () -- C:\Users\1\Desktop\Amy Ernst greatest person of the day Huffington.jpeg
    [2011/03/08 16:07:49 | 004,537,088 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Users\1\Desktop\duplicate-file-finder-setup.exe
    [2011/03/07 23:04:10 | 000,001,670 | ---- | M] () -- C:\Users\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/30 21:16:48 | 000,000,448 | ---- | C] () -- C:\Windows\System32\iolo.ini
    [2011/03/30 21:04:25 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/30 20:50:06 | 2144,493,568 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/30 20:43:09 | 000,009,946 | -HS- | C] () -- C:\Users\1\AppData\Local\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
    [2011/03/30 16:33:41 | 000,009,954 | -HS- | C] () -- C:\ProgramData\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
    [2011/03/30 15:55:32 | 000,000,746 | ---- | C] () -- C:\Users\1\Desktop\ERUNT.lnk
    [2011/03/30 15:23:04 | 000,625,664 | ---- | C] () -- C:\Users\1\Desktop\dds.scr
    [2011/03/25 18:05:16 | 000,002,121 | ---- | C] () -- C:\Users\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
    [2011/03/15 12:10:25 | 002,503,745 | ---- | C] () -- C:\Users\1\Desktop\Amy Ernst greatest person of the day Huffington.jpeg
    [2011/03/07 23:04:10 | 000,001,670 | ---- | C] () -- C:\Users\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
    [2011/02/09 17:18:52 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/02/09 14:16:25 | 000,000,094 | ---- | C] () -- C:\Windows\awshkwv.ini
    [2011/02/04 20:33:09 | 000,000,010 | ---- | C] () -- C:\Windows\Wininit.ini
    [2010/12/17 20:24:26 | 000,009,216 | ---- | C] () -- C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/21 00:45:52 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2010/11/18 18:07:41 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
    [2010/11/18 17:35:19 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/11/17 23:54:02 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2010/11/17 22:13:09 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    [2010/11/17 22:13:01 | 000,030,434 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2010/11/17 22:09:26 | 000,001,356 | ---- | C] () -- C:\Users\1\AppData\Local\d3d9caps.dat
    [2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2008/01/20 22:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2008/01/20 22:25:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\nsiproxy.sys
    [2008/01/20 22:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2007/12/28 03:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
    [2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:43 | 000,251,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

    ========== LOP Check ==========

    [2011/03/29 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\A73E968968A3CE87240B6191056A7C13
    [2011/03/30 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\BitTorrent
    [2010/11/18 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Foxit Software
    [2011/03/07 23:04:22 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Greyfirst
    [2010/12/16 16:11:16 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\iolo
    [2010/11/20 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\NeatImage PS
    [2010/11/23 10:29:19 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\OpenOffice.org
    [2011/01/26 13:42:45 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\PrimoPDF
    [2011/03/01 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Temp
    [2011/02/18 16:18:09 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Thunderbird
    [2011/03/30 21:13:29 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >

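The security-relevant finding in the OTL log above sits in the O35/O37 lines and the File Associations block: in HKLM, HKU\.DEFAULT and HKU\S-1-5-18 the `exefile [open]` command is `"...\systemprofile\AppData\Local\eba.exe" -a "%1" %*` instead of the Windows default `"%1" %*`, so eba.exe is started first and hands the real program on as an argument whenever an .exe is launched in those contexts. Only the logged-in user's own hive (S-1-5-21-...-1000) still has the default, and the O7 lines show `HideSCAHealth = 1`, which hides the Security Center notification icon. The script below is an added example, not part of this thread or of OTL, Spybot or any other tool mentioned: it parses OTL O35/O37 and O7 lines and flags handlers that are not the Windows default, grouping them by the foreign executable that owns them. The sample lines are constructed in the format of the log above; `find_hijacked_handlers`, `find_security_center_hidden` and `summarize` are names chosen for this example. The same check can be run over a full OTL.txt by passing its contents instead of `SAMPLE_OTL`.

```python
import re

# Constructed sample: lines in the format of the OTL log posted in this thread.
# O35 = shell\open\command of a file class, O37 = extension -> class mapping with
# its resolved command, O7 = Explorer policy values.  The eba.exe path is the one
# visible in that log; the "%1" %* entries are the Windows defaults.
SAMPLE_OTL = "\n".join([
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*',
    r'O35 - HKU\S-1-5-21-522819725-4015885625-1306769688-1000..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = comfile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*',
    r'O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\...exe [@ = exefile] -- "%1" %*',
    r'O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1',
])

# Windows default open command for exefile, comfile, batfile, cmdfile and piffile.
DEFAULT_OPEN = '"%1" %*'

# hive, then two (O35) or three (O37) dots, then the class or extension,
# the verb in brackets, and the resolved command after " -- ".
HANDLER_RE = re.compile(
    r'^O3[57] - (?P<hive>\S+?)\.{2,3}(?P<entry>\S+) \[(?P<verb>[^\]]*)\] -- (?P<cmd>.*)$'
)

POLICY_RE = re.compile(
    r'^O7 - (?P<hive>\S+?)\\SOFTWARE\\.*policies\\Explorer: (?P<name>\w+) = (?P<val>\S+)$',
    re.IGNORECASE,
)


def find_hijacked_handlers(otl_text):
    """One finding per O35/O37 line whose open command is not '"%1" %*'.

    Each finding carries the registry hive, the class or extension, the first
    quoted executable in the command (the program that really gets run) and
    the full command as OTL printed it.
    """
    findings = []
    for line in otl_text.splitlines():
        m = HANDLER_RE.match(line.strip())
        if not m:
            continue
        cmd = " ".join(m.group("cmd").split())      # normalise whitespace
        if cmd.lower() == DEFAULT_OPEN:
            continue
        exe = re.match(r'"([^"]+)"', cmd)
        findings.append({
            "hive": m.group("hive").rstrip("\\"),
            "entry": m.group("entry"),
            "verb": m.group("verb"),
            "handler": exe.group(1) if exe else cmd.split()[0],
            "command": cmd,
        })
    return findings


def find_security_center_hidden(otl_text):
    """Hives in which the Explorer policy HideSCAHealth is set to 1 (the
    Security Center notification icon is suppressed there)."""
    hives = []
    for line in otl_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m and m.group("name").lower() == "hidescahealth" and m.group("val") == "1":
            hives.append(m.group("hive"))
    return hives


def summarize(otl_text):
    """Group hijacked handlers by owning executable, plus the policy findings."""
    by_exe = {}
    for f in find_hijacked_handlers(otl_text):
        by_exe.setdefault(f["handler"], []).append((f["hive"], f["entry"]))
    return {"handlers": by_exe, "sc_icon_hidden_in": find_security_center_hidden(otl_text)}


if __name__ == "__main__":
    report = summarize(SAMPLE_OTL)
    for exe, where in report["handlers"].items():
        print(f"non-default handler -> {exe}")
        for hive, entry in where:
            print(f"    {hive}  ({entry})")
    for hive in report["sc_icon_hidden_in"]:
        print(f"Security Center icon hidden by policy in {hive}")
```

Because HKCU\Software\Classes takes precedence over HKLM for the user who is logged in, the clean S-1-5-21 entry explains why that user can still start programs normally while the machine is not clean: anything launched under the SYSTEM profile, or by a user whose hive has no override, still goes through eba.exe. That is also why a fix script must restore the exefile command in every hive the check lists, not only the one for the current user.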
  5. #5
    Member | Join Date: Mar 2011 | Posts: 30

    OTL Extras logfile created on: 3/30/2011 9:28:54 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\1\Desktop
    Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 49.44 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
    Drive J: | 464.84 Gb Total Space | 283.30 Gb Free Space | 60.95% Space Free | Partition Type: NTFS

    Computer Name: DAVESBIGMACHINE | User Name: 1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-21-522819725-4015885625-1306769688-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\eba.exe" -a "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A8A8058-DA51-4421-BF54-E9202790A6A4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
    "{B1D1F633-0246-4A4D-AA6C-86E0C8F51405}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0138D0BB-7F4B-455E-A0E4-53C0422709BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5EDD8C94-953B-4137-82B9-C39602BE05D2}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{A9718FA5-33F8-4437-807A-6B7345DA789A}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{E262BA75-18B5-4246-8238-D689FDF01014}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FB253B2B-5A03-420D-8793-6FD6948F98A2}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "TCP Query User{6A683606-2861-454E-AD38-84A8C8AD1EF5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{C6EE8DEF-E2CB-43D4-9B38-C0C4B9395A04}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
    "TCP Query User{E75502DE-1F00-48F0-8DF2-D1ACAFF6ABF8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{1D671F8C-9446-4B65-8257-C4AAE1940031}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{510AD074-BB5F-422F-9A58-3D5EA0D34C43}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
    "UDP Query User{FE43DC31-A168-415D-8531-40C2543D7C91}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
    "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
    "{C158BAF3-D76F-FE96-2934-A5940020A971}" = ATI Catalyst Install Manager
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Celtx (2.9)" = Celtx (2.9)
    "ERUNT_is1" = ERUNT 1.1j
    "Eye Candy 3" = Eye Candy 3
    "Eye Candy 4000" = Eye Candy 4000 Demo
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader" = Foxit Reader
    "Google Chrome" = Google Chrome
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
    "Neat Image_is1" = Neat Image v6 Demo (with plug-in)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Spyware Doctor" = Spyware Doctor 8.0
    "virtualPhotographer_is1" = virtualPhotographer 1.5.6
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/30/2011 6:03:45 PM | Computer Name = davesbigmachine | Source = SPP | ID = 16387
    Description =

    Error - 3/30/2011 6:03:45 PM | Computer Name = davesbigmachine | Source = System Restore | ID = 8193
    Description =

    Error - 3/30/2011 7:13:10 PM | Computer Name = davesbigmachine | Source = SPP | ID = 16387
    Description =

    Error - 3/30/2011 7:13:10 PM | Computer Name = davesbigmachine | Source = System Restore | ID = 8193
    Description =

    Error - 3/30/2011 7:13:10 PM | Computer Name = davesbigmachine | Source = System Restore | ID = 8210
    Description =

    Error - 3/30/2011 8:24:29 PM | Computer Name = davesbigmachine | Source = WinMgmt | ID = 10
    Description =

    Error - 3/30/2011 8:41:33 PM | Computer Name = davesbigmachine | Source = WinMgmt | ID = 10
    Description =

    Error - 3/30/2011 8:41:48 PM | Computer Name = davesbigmachine | Source = EventSystem | ID = 4609
    Description =

    Error - 3/30/2011 8:50:48 PM | Computer Name = davesbigmachine | Source = WinMgmt | ID = 10
    Description =

    Error - 3/30/2011 9:16:44 PM | Computer Name = davesbigmachine | Source = WinMgmt | ID = 10
    Description =

    [ iolo Applications Events ]
    Error - 3/30/2011 1:16:35 AM | Computer Name = davesbigmachine | Source = System Shield | ID = 17
    Description =

    Error - 3/30/2011 1:17:08 AM | Computer Name = davesbigmachine | Source = System Shield | ID = 17
    Description =

    Error - 3/30/2011 1:42:52 AM | Computer Name = davesbigmachine | Source = System Shield | ID = 17
    Description =

    Error - 3/30/2011 4:18:09 AM | Computer Name = davesbigmachine | Source = System Shield | ID = 17
    Description =

    Error - 3/30/2011 7:18:09 AM | Computer Name = davesbigmachine | Source = System Shield | ID = 17
    Description =

    Error - 3/30/2011 10:19:09 AM | Computer Name = davesbigmachine | Source = System Shield | ID = 17
    Description =

    [ System Events ]
    Error - 3/16/2011 6:29:23 PM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/16/2011 7:12:47 PM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/17/2011 12:48:38 PM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/18/2011 7:57:22 PM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/22/2011 9:55:06 AM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/22/2011 11:18:21 PM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/23/2011 11:52:53 AM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/24/2011 9:47:29 AM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/25/2011 12:12:54 AM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =

    Error - 3/25/2011 11:39:47 AM | Computer Name = davesbigmachine | Source = HTTP | ID = 15016
    Description =


    < End of report >

  6. #6
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Ask Toolbar

    * It promotes its toolbars on sites targeted at kids.
    * It promotes its toolbars through ads that appear to be part of other companies' sites.
    * It promotes its toolbars through other companies' spyware.
    * It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
    * It solicits installations via "deceptive door openers" that do not accurately describe the offer, failing to affirmatively show a license agreement, and linking to a EULA via an off-screen link.
    * It makes confusing changes to users' browsers, increasing Ask's revenues while taking users to pages they didn't intend to visit.
    eMule
    Any form of P2P (file sharing) is dangerous: you're downloading that file from an unknown source. Malware writers are in tune to this and have been using P2P as one of the latest ways of spreading their wares. You never know what's attached to that file; it's like playing Russian Roulette, malware-wise.


    You should be able to uninstall them both via Programs and features in the Control Panel.


    Then.....

    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe
    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-522819725-4015885625-1306769688-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      [2011/03/29 23:29:36 | 000,431,419 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110329-233054.backup
      @Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      
      
      :Services
      
      :Reg
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION] 
      "svchost.exe"=-
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Last edited by ken545; 2011-03-31 at 13:17.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
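    As an added, read-only check (not part of ken545's instructions or of OTL): the Spybot hit in the first post and the :Reg section of the fix above both point at an svchost.exe value under FEATURE_BROWSER_EMULATION, a key where only executables that host the IE rendering engine belong, and OTL also lists two alternate data streams on C:\ProgramData\TEMP. This PowerShell snippet enumerates both so the entries can be reviewed before and after the fix; the allow-list of expected value names and the use of PowerShell 3 or later are assumptions.

```powershell
# Added example, not from the thread. Read-only audit: run from an elevated
# PowerShell 3+ prompt. It changes nothing; OTL's fix above does the removal.

# Value names that are expected under FEATURE_BROWSER_EMULATION (assumed
# allow-list: processes that embed the IE engine). Anything else, such as
# the svchost.exe entry Spybot flagged, is marked for review.
$knownHosts = @('iexplore.exe', 'explorer.exe')

# The hives OTL and Spybot examine; HKU\.DEFAULT is where this infection wrote.
$featureKeys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION',
    'HKCU:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION'
)

foreach ($key in $featureKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key          # Microsoft.Win32.RegistryKey
    foreach ($name in $regKey.GetValueNames()) {
        $data = $regKey.GetValue($name)
        $flag = if ($knownHosts -contains $name.ToLower()) { 'ok' } else { 'REVIEW' }
        '{0,-6} {1} = {2}   [{3}]' -f $flag, $name, $data, $key
    }
}

# Alternate data streams on the object OTL reported. "dir /r" has listed
# ADS on files and folders since Vista; only the default ::$DATA stream is
# expected on a plain file, and none at all on a folder.
$parent = 'C:\ProgramData'
$target = 'TEMP'
cmd /c "dir /r /a `"$parent`"" |
    Where-Object { $_ -match ':\$DATA' -and $_ -match [regex]::Escape($target) } |
    ForEach-Object { 'ADS  ' + $_.Trim() }
```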

  7. #7
    Member
    Join Date
    Mar 2011
    Posts
    30

    Default

    Hi Ken, I uninstalled eMule yesterday before we started talking. I used it once about a month ago. I screened the file I needed with my AV program and haven't used eMule since.
    The Ask toolbar seems to be a problem. It is associated with my PDF program. It is an optional install item. I opted to not install it, as I hate toolbars, and it doesn't show up in my PDF or browser bars. I am not able to uninstall it though.
    See my attached JPEG screenshot for the error the uninstall generates. I am the administrator and I operate at the top level. I continually get this hosts message too. Here is the screenshot of that as well.

    I'll wait for your response before I back up the registry. Also know that I have ERUNT already; do I really need to download it again?

    Dave

  8. #8
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    As long as ERUNT is fairly current you can use the one you downloaded; if not, you can drag it to the trash and redownload it. Whatever you do, just make sure you back up your registry before you proceed with the fix.

  9. #9
    Member
    Join Date
    Mar 2011
    Posts
    30

    Default

    I have tried to remove that ASK entry with no success. I even restarted in safe mode and tried to uninstall that way but no luck. Should I still proceed with reg backup?

  10. #10
    Member
    Join Date
    Mar 2011
    Posts
    30

    Default

    I also have been getting this message on startup after the desktop loads, see attached.

    Windows defender
    Application failed to initialize
    Dave
