click.giftload

[saminblueridge]

I had already downloaded and ran ERUNT before starting this, as part of the "before you post" instructions, so I just ran it again before starting this latest procdure.

When I ran the scan again after posting the "fix" log, it stopped and gave that box with all the numbers again. It took several times of hitting several buttons before it continued with the scan.

Also, since I had just re-booted, a few windows opened up on their own during the scan... things that bug me during reboot, like Compaq connections and such. Hope that didn't throw things off.

Here's the log from the latest scan:

OTL logfile created on: 5/23/2011 10:25:48 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.47% Memory free
2.51 Gb Paging File | 1.94 Gb Available in Paging File | 77.48% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.70 Gb Total Space | 54.10 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.84 Gb Free Space | 20.57% Space Free | Partition Type: FAT32

Computer Name: COMPY | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Microsoft\RATTV3\RATT.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\AOL\ACS\WLHook.dll (America Online)
MOD - C:\Program Files\X-Setup Pro\bin\MSScript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (6to4) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
IE - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 08:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 19:21:50 | 000,000,000 | ---D | M]

[2008/09/06 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2011/05/23 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions
[2011/01/06 13:40:03 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 11:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\9d9eo1sn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/23 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/04 20:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/15 23:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/06/04 20:20:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/03 19:40:33 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2011/05/23 22:10:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127877835\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RATT.lnk = C:\Program Files\Microsoft\RATTV3\RATT.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add To Compaq Organize... - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\core.hp.main\SendTo.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-2562047764-1144004905-211378315-1008\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119728275187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1119728048812 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/29 19:21:42 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/04/02 04:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2ea44ad2-e1cc-11df-a46a-00038a000015}\Shell\AutoRun\command - "" = H:\rcaDVM_setup.exe
O33 - MountPoints2\{2ea44ad2-e1cc-11df-a46a-00038a000015}\Shell\install\command - "" = H:\rcaDVM_setup.exe
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\AutoRun\command - "" = I:\Autorun.exe /run
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell00\Command - "" = I:\Autorun.exe /run
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell01\Command - "" = I:\Autorun.exe /action
O33 - MountPoints2\{6a9de547-bb36-11dd-a32f-00038a000015}\Shell\Shell02\Command - "" = I:\Autorun.exe /uninstall
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a99649a4-4f0c-11de-a350-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 22:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 17:36:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/05/22 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/21 11:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/21 11:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/21 11:35:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/21 08:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\tdsskiller
[2011/05/20 22:37:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Family\Desktop\aswMBR.exe
[2011/05/16 21:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/16 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/16 21:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/16 17:01:22 | 000,000,000 | ---D | C] -- C:\8b70df9cc4eccc2620a90a0c
[2011/05/16 11:23:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Family\Recent
[2011/05/16 08:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Malwarebytes
[2011/05/16 08:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/16 00:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/15 23:28:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/15 23:28:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/15 23:28:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/15 20:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\X-Setup Pro
[2011/05/15 18:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/15 17:46:34 | 008,588,616 | ---- | C] (Mozilla) -- C:\Documents and Settings\Family\Desktop\Firefox.exe
[2011/05/15 09:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/05/14 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\iPad
[2011/05/14 20:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\IFR PILOT CLUB
[2011/05/14 00:42:03 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/14 00:26:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/14 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/14 00:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/14 00:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/05/12 20:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/12 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 12:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/12 12:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/11 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/11 17:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/11 17:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/05/23 22:20:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/23 22:20:07 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/23 22:20:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/23 22:20:03 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/23 22:19:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/23 22:17:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 22:10:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/23 17:36:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/05/23 17:31:08 | 000,001,491 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/22 03:19:01 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/05/21 11:35:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 07:59:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\MBR.dat
[2011/05/21 07:30:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 22:38:14 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Family\Desktop\aswMBR.exe
[2011/05/20 22:37:10 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Regfix.reg
[2011/05/20 14:56:26 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Homeschool Tracker Plus.lnk
[2011/05/17 00:29:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/17 00:29:01 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 21:16:37 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\dds.scr
[2011/05/16 21:12:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\ERUNT.lnk
[2011/05/15 22:34:22 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/05/15 18:27:19 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 17:54:13 | 000,101,606 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\setup.jpg
[2011/05/15 17:47:30 | 008,588,616 | ---- | M] (Mozilla) -- C:\Documents and Settings\Family\Desktop\Firefox.exe
[2011/05/14 23:23:28 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/14 22:45:39 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011/05/14 00:42:02 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/14 00:42:00 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/09 16:57:48 | 000,437,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 16:57:48 | 000,069,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 22:07:03 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2011/05/05 12:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/05/21 11:35:06 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 22:39:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\MBR.dat
[2011/05/20 22:37:10 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Regfix.reg
[2011/05/17 00:29:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/17 00:29:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 21:16:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\dds.scr
[2011/05/16 21:12:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\ERUNT.lnk
[2011/05/15 20:00:42 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\X-Setup Pro.lnk
[2011/05/15 18:27:19 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 17:54:12 | 000,101,606 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\setup.jpg
[2011/05/14 23:23:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/14 16:23:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/14 00:26:57 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/11 17:54:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 17:07:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2011/03/18 11:33:28 | 000,294,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/06 14:02:47 | 000,123,780 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/09 16:46:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/10/17 22:56:46 | 000,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009/09/27 17:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/08 18:17:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/28 20:49:53 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/02/28 20:49:53 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/02/28 20:49:53 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2009/02/23 10:05:22 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Eq98.ini
[2009/01/05 18:52:12 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\$_hpcst$.hpc
[2008/11/24 14:29:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\JSUMUpdater.ini
[2008/10/16 07:17:09 | 000,000,053 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/15 19:40:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/12/25 17:07:45 | 000,001,087 | ---- | C] () -- C:\WINDOWS\UnitConverter.INI
[2007/09/10 15:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\notepad.INI
[2007/03/14 16:00:23 | 000,001,092 | ---- | C] () -- C:\WINDOWS\UnitConverter[1].INI
[2007/03/14 15:43:20 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2007/03/14 15:43:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2007/03/14 15:43:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2007/03/14 15:43:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2007/03/14 15:43:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2007/03/14 15:43:19 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2007/03/14 15:43:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2007/03/14 15:43:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2007/03/14 15:43:19 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2007/03/14 15:43:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2007/03/14 15:43:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2007/03/14 15:43:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2007/03/14 15:43:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2007/03/14 15:43:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2007/03/14 15:43:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2007/03/14 15:43:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2007/03/14 15:43:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2007/03/14 15:43:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2007/03/14 15:43:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2007/03/14 15:43:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2007/03/14 15:43:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2007/03/06 00:28:04 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/02 16:03:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/08 13:25:26 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/27 21:07:25 | 000,000,015 | ---- | C] () -- C:\WINDOWS\ACROEXCH.ini
[2005/09/27 12:23:32 | 000,000,496 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/06/03 21:31:33 | 000,000,362 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2005/04/26 18:12:11 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2005/04/26 18:12:11 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2005/02/22 13:58:29 | 000,000,132 | ---- | C] () -- C:\WINDOWS\mediachk.ini
[2005/02/22 13:58:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2005/02/22 13:56:37 | 000,000,550 | ---- | C] () -- C:\WINDOWS\MCOMPOS.INI
[2005/02/22 13:56:37 | 000,000,474 | ---- | C] () -- C:\WINDOWS\MHISTORY.INI
[2005/02/19 21:13:01 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2005/02/12 17:36:40 | 000,000,298 | ---- | C] () -- C:\WINDOWS\pib.ini
[2005/01/04 14:44:39 | 000,000,723 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/12/15 13:44:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb00d1se.INI
[2004/11/24 23:31:45 | 000,000,505 | ---- | C] () -- C:\WINDOWS\label.ini
[2004/11/24 23:31:44 | 000,219,168 | ---- | C] () -- C:\WINDOWS\IMGMAN2.DLL
[2004/11/22 19:51:06 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/22 19:40:28 | 000,000,625 | ---- | C] () -- C:\WINDOWS\QAWRITE.INI
[2004/11/22 19:40:05 | 000,000,289 | ---- | C] () -- C:\WINDOWS\QAWIN.INI
[2004/11/22 10:57:51 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ahd3.ini
[2004/11/18 10:10:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 10:10:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/11/12 20:04:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\MSINSTR.INI
[2004/11/12 20:04:21 | 000,011,264 | ---- | C] () -- C:\WINDOWS\CATSTUB.EXE
[2004/11/06 12:49:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/10/19 15:54:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2004/10/15 23:03:51 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2004/10/15 07:44:03 | 000,001,491 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/10/15 07:44:00 | 000,005,776 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2004/10/14 10:05:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2004/10/14 10:05:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/10/14 10:05:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/10/14 09:56:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/10/14 09:54:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/10/13 21:14:42 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/04/29 19:03:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/04/29 19:03:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/04/29 19:02:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/04/29 19:02:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/29 17:06:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/04/29 17:06:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/04/29 17:06:39 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/04/29 17:06:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/04/29 17:06:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/03 04:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 03:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 03:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 20:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/02 20:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/02 20:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/02 20:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 20:03:59 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66L.exe
[2004/04/02 20:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 20:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 06:01:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 05:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 05:08:00 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/04/02 05:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/04/02 05:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/04/02 05:04:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/04/02 04:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 04:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 04:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 04:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 04:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 04:05:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/02 04:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/02 02:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/02 02:52:18 | 000,437,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/04/02 02:52:18 | 000,069,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/04/01 19:57:08 | 000,005,652 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/01 19:56:18 | 000,567,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/01/24 03:33:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/12 12:59:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\zip.exe
[2003/08/12 12:58:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 12:58:32 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 12:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 12:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/27 13:27:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1997/11/11 02:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

 

[saminblueridge]

Oh, and yes, everything seems to be running fine. I know you don't have time for a tutorial, since you are busy helping others, but I'm curious to understand more in the logs I'm reading and to really understand more of what we are doing. Any good, clear explanations on the web?

 

[ken545]

Well, kind of hard to explain it all, i have about 8 years of this in my head. If you look at the initial DDS log you posted , at the bottom under ROOTKIT, that pretty much told me what them main problem was. After awhile you can sort of pick out the bad files and they may lead you to another infection that has to be dealt with. All the info I have are on the malware forums and there not accessible to the public, reason being is the bad guys read these forums to see what we are up to in the cleaning and then try to throw a monkey wrench into it, its a never ending game of cat and mouse.


Lets update your Java to make your system more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 25, if not proceed with the instructions.

Download the latest version Here save it, do not install it yet.

Java SE Runtime Environment (JRE)JRE 6 Update 25 <--The wording is confusing but this is what you need

• Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
• Reboot your computer
• Install the latest version

You can verify the installation Here




System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

1. Click Start > Run > copy and paste the following into the run box:
   
   %SystemRoot%\System32\restore\rstrui.exe​
2. Press OK. Choose Create a Restore Point then click Next.
3. Name it (something you'll remember) and click Create.
4. When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points

1. Click Start > Run > copy and paste the following into the run box:
   
   cleanmgr​
2. Choose to scan drive C:\ (if C:\ is your main drive).
3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
4. Click on the Yes button.
5. When finished, click on Cancel button to exit.

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups

• 
  How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Safe Surfn
Ken

 

[saminblueridge]

I have version 6, update 25 already installed, but I have some of the older ones as well. A few questions... I assume I should still delete all of the older versions? Should I delete only older versions, or both older versions and older updates? I was going to paste a screen shot of the various versions and updates of Java I have installed, but I can't seem to get it to paste in.

Basically, I've got:
Java Media Framework 2.1.1c
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SEv1.4.2_06
Java(TM)6 Update 2
Java(TM)6 Update 25
Java(TM)6 Update 3
Java(TM)6 Update 5
Java(TM)6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

I'm thinking I should remove all except possibly the Media Framework and Vers. 6 Update 25, since there are multitudes of updates that appear missing. Bad or incomplete removal on installation?

And, I'll wait to hear back from you before messing with the system restore... just in case I need to do the Java stuff first.

Thanks for the links. I like to have at least a little bit of understanding of what I'm doing!

 

[ken545]

Go ahead an uninstall these, my understanding with the new updates is that it will scan your system and remove old versions, cant hurt to leave them but there taking up disk space on your hard drive


Java(TM)6 Update 3
Java(TM)6 Update 5
Java(TM)6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SEv1.4.2_06

Let me know how it went and how your system is doing ?

 

[saminblueridge]

I removed the old Java versions, set a new restore point and cleaned off all the old points. Used the OTL cleanup as well.

The computer seems to be doing great. I haven't experienced any re-directs on Firefox and a quick look at task manager doesn't show any resources being hogged by svchost.exe.... seems to be operating a decent speed. The CPU Usage History tends to spike high on the performance tab when I do just about anything, but I don't look at it while I'm doing tasks that much, so I suppose it might be fairly common.

I'll let it run all night to be sure, but it looked in good shape after running the past few nights. Before, the memory usage on one of the svchost files would be sky high and it was acting real doggy.

All of this happened, probably quite by coincidence, about the time I let Firefox upgrade to version 4.xx. One of the first things I did was to delete it and install a previous version. The new version seemed to run so much slower. I guess I shouldn't have taken that panic move!

I'm curious about boot up speed now... Might see how that goes... and I guess it's okay to leave the Windows Image Acquisition service off at startup?

Thanks again for the links.

Sam

 

[ken545]

Good Morning,

I just installed Firefox 4 about a week ago and its running a bit faster then the previous version.

May want to read this
http://msdn.microsoft.com/en-us/library/ms630368(v=vs.85).aspx


If you need help with that you can post here
http://forums.whatthetech.com/index.php?showforum=119


Use your computer for a few days and post back and let me know how its going

 

[saminblueridge]

Use your computer for a few days and post back and let me know how its going

Thanks. I'll do that.

 

[saminblueridge]

Everything seems to be working normal. Thank you again for all the help... clear instructions and patience.

Sam

 

[ken545]

Your very welcome Sam

Take care,

Ken