Fake Antivirus Pop-Ups, Browser Redirected

Here is the new log.....


OTL logfile created on: 1/21/2011 9:16:10 PM - Run 5
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 35.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 802.47 Gb Free Space | 87.57% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

[2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
[2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/21 18:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/01/18 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
[2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
[2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
[2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
[2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.174.89.10 www.google.com
O1 - Hosts: 93.174.89.10 google.com
O1 - Hosts: 93.174.89.10 google.com.au
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 93.174.89.10 google.be
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 93.174.89.10 google.com.br
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 93.174.89.10 google.ca
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tumblebugs/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 15:06:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/21 15:05:07 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Desktop\HostsXpert
[2011/01/20 21:44:09 | 000,000,000 | ---D | C] -- C:\HOST
[2011/01/19 14:34:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 01:42:48 | 082,812,200 | ---- | C] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
[2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
[2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
[2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
[2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
[2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
[2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
[2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/21 20:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 17:31:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 17:31:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 17:24:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/21 17:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/21 17:23:46 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/21 15:05:07 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:31 | 019,973,448 | ---- | M] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:38 | 000,353,485 | ---- | M] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/19 23:29:22 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/19 14:43:10 | 000,005,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/19 01:52:22 | 082,812,200 | ---- | M] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 05:34:28 | 000,002,795 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
[2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 21:46:25 | 019,973,448 | ---- | C] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:36 | 000,353,485 | ---- | C] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
[2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
[2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
[2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

< End of report >
 
Hi, your hosts file is still infected. What we're going to remove may be just the tip of the iceberg; something on your system is preventing it from being reset, so try this. It's important that I see the log it produces, so before you reboot, post the log please.

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 93.174.89.10 www.google.com
    O1 - Hosts: 93.174.89.10 google.com
    O1 - Hosts: 93.174.89.10 google.com.au
    O1 - Hosts: 93.174.89.10 www.google.com.au
    O1 - Hosts: 93.174.89.10 google.be
    O1 - Hosts: 93.174.89.10 www.google.be
    O1 - Hosts: 93.174.89.10 google.com.br
    O1 - Hosts: 93.174.89.10 www.google.com.br
    O1 - Hosts: 93.174.89.10 google.ca
    O1 - Hosts: 93.174.89.10 www.google.ca
    
    
    :Services
    
    :Reg
    
    :Files
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [RESETHOSTS]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
Again I got the error message cannot create host file. The fix ran about 2 seconds before the message popped up. I don't know if this will help you but at the bottom of OTL, below the progress bar, it says
"Processing 01-Hosts:74.125.45.100 4-open-davinci.com..."
 
Let's try running the fix in Safemode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
 
The fix ran in safemode. Here is the log....

All processes killed
========== PROCESSES ==========
========== OTL ==========
74.125.45.100 4-open-davinci.com removed from HOSTS file successfully
74.125.45.100 securitysoftwarepayments.com removed from HOSTS file successfully
74.125.45.100 privatesecuredpayments.com removed from HOSTS file successfully
74.125.45.100 getantivirusplusnow.com removed from HOSTS file successfully
74.125.45.100 secure-plus-payments.com removed from HOSTS file successfully
74.125.45.100 www.getavplusnow.com removed from HOSTS file successfully
74.125.45.100 safebrowsing-cache.google.com removed from HOSTS file successfully
74.125.45.100 urs.microsoft.com removed from HOSTS file successfully
74.125.45.100 www.securesoftwarebill.com removed from HOSTS file successfully
74.125.45.100 secure.paysecuresystem.com removed from HOSTS file successfully
74.125.45.100 paysoftbillsolution.com removed from HOSTS file successfully
74.125.45.100 protected.maxisoftwaremart.com removed from HOSTS file successfully
93.174.89.10 www.google.com removed from HOSTS file successfully
93.174.89.10 google.com removed from HOSTS file successfully
93.174.89.10 google.be removed from HOSTS file successfully
93.174.89.10 google.ca removed from HOSTS file successfully
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.Johnson-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Janice Child
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johnson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 397561 bytes
->Java cache emptied: 5616700 bytes
->FireFox cache emptied: 41103454 bytes
->Flash cache emptied: 3335 bytes

User: Public

User: Riley

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.2 log created on 01222011_140324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Here is the log when I ran OTL again......

OTL logfile created on: 1/22/2011 2:16:32 PM - Run 6
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 38.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 802.60 Gb Free Space | 87.58% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

[2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
[2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/21 18:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/01/18 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
[2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
[2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
[2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
[2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
[2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

O1 HOSTS File: ([2011/01/22 14:03:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tumblebugs/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 15:06:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/21 15:05:07 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Desktop\HostsXpert
[2011/01/20 21:44:09 | 000,000,000 | ---D | C] -- C:\HOST
[2011/01/19 14:34:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/19 01:42:48 | 082,812,200 | ---- | C] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
[2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
[2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
[2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
[2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
[2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
[2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
[2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
[2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
[2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
[2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
[2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
[2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
[2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/22 14:14:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 14:14:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 14:07:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/22 14:06:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/22 14:06:52 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/22 14:03:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/22 13:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 15:05:07 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTM.exe
[2011/01/20 21:48:31 | 019,973,448 | ---- | M] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:38 | 000,353,485 | ---- | M] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/19 23:29:22 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/19 14:43:10 | 000,005,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/19 01:52:22 | 082,812,200 | ---- | M] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
[2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
[2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
[2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
[2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
[2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
[2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
[2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
[2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
[2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
[2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 21:46:25 | 019,973,448 | ---- | C] () -- C:\Users\Johnson\Desktop\winzip150.exe
[2011/01/20 21:43:36 | 000,353,485 | ---- | C] () -- C:\Users\Johnson\Desktop\HostsXpert.zip
[2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
[2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
[2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
[2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
[2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
[2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
[2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
[2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
[2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
[2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
[2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
[2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
[2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
[2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

< End of report >
 
:bigthumb:

I suspect the Kaspersky Internet Security was blocking that program from running. Your hosts file was infected and the older infected copies were removed and it was reset back to Microsoft defaults. Do you understand what the hosts file does?


BitComet
BitTorrent

If you continue to use programs like these I can guarantee 100% that you will become reinfected. It may be how you got infected in the first place. You're downloading that file from an unknown source; malware writers are in tune to this and are using file sharing as one of the latest ways to infect your system. Doing what I do and knowing what I know, I would never allow any form of P2P programs on any of my systems. You can remove them via Programs and Features in the Control Panel.



Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic and let me know how your system is running now.
 
My computer is running so much better. Thanks! Here is the log file:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=317140a51722d543955950d3df7d444a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-23 01:37:59
# local_time=2011-01-22 07:37:59 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1280 16777215 100 0 376628 376628 0 0
# compatibility_mode=5893 16776574 100 94 23074631 47286655 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=246171
# found=0
# cleaned=0
# scan_time=3475
 
:bigthumb:

You need to update your Java; it will make your system more secure.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.





Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 