Fake Internet Security infection

Status
Not open for further replies.
S

spot812

New member
My daughter clicked on one of these fake Internet Security 2011 pop-up windows thinking it was our anti-virus program. Now the computer is full of all sorts of crap. SBS&D finds a different group of them every time I run it.
Here is a copy or the DDS.txt log:

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by hjh at 9:16:04 on 2011-07-17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.201 [GMT -5:00]
.
AV: Antivirus AntiSpyware 2011 *Enabled/Updated* {9B274520-D55D-4F57-9173-7D1449ED449C}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Antivirus AntiSpyware 2011 *Enabled/Updated* {E4311C85-6614-42D2-9065-843F15EC0358}
FW: Antivirus AntiSpyware 2011 *Enabled*
FW: Antivirus AntiSpyware 2011 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\HpMmKbd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\hjh\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PhotoJoy Bar Toolbar: {CF45C54F-801C-41B5-AC77-57F2BF418EDC} - c:\program files\photojoy_bar\prxtbPhot.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll
TB: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [cdloader] "c:\documents and settings\hjh\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [Auto EPSON Stylus CX6600 Series on BOTES-LAPTOP] "c:\windows\system32\spool\drivers\w32x86\3\e_fati9ea.exe" /p47 "auto epson stylus cx6600 series on botes-laptop" /o22 "\\botes-laptop\Printer" /M "Stylus CX6600"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UDC Integration] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNDY0NzczNzYwLVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMi1TUDErMS1TVVArNC1GTDEwKzEtVFVHKzMtU1AxUzQrMS1ERFQrMA"&"prod=90"&"ver=10.0.1382
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [KOQMLYTPE7] c:\windows\temp\Bmq.exe
dRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
StartupFolder: c:\docume~1\hjh\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1703F4D8-EBCB-442F-96F9-C2AB1E4FD6FC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{899C05AB-F8A8-421F-BD2E-67BC1F66E618} : DHCPNameServer = 68.87.72.130 68.87.77.130 68.87.66.196
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: igfxcui - igfxsrvc.dll
Notify: itlnfw32 - <no file>
Notify: itlntfy - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
mASetup: {8A3D586A-C7FE-456E-A9E2-F96EEAF0C7B6} - rundll32.exe "c:\documents and settings\hjh\application data\sun\kfb0.dll", UnregisterDll
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 67.205.118.181 www.google.com
Hosts: 67.205.118.182 search.yahoo.com
Hosts: 67.205.118.182 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hjh\application data\mozilla\firefox\profiles\yuhqnjyz.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb31e56&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter:
misc.php
- c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-6 11608]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2009-3-28 11889]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-6 66616]
R3 hpmmkbd;HP Extended Keyboard;c:\windows\system32\drivers\HPMMKBD.SYS [1999-9-29 15924]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
.
=============== Created Last 30 ================
.
2011-07-17 11:58:52 -------- d-----w- c:\documents and settings\hjh\local settings\application data\Conduit
2011-07-17 11:58:21 -------- d-----w- c:\documents and settings\hjh\application data\vmntemplate
2011-07-17 11:58:19 -------- d-----w- c:\documents and settings\hjh\local settings\application data\PhotoJoy_Bar
2011-07-17 11:58:15 -------- d-----w- c:\documents and settings\hjh\local settings\application data\ConduitEngine
2011-07-07 12:57:41 -------- d-----w- c:\windows\system32\NtmsData
2011-07-07 03:30:13 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-07 03:30:06 -------- d-----w- c:\program files\Avira
2011-07-07 03:30:06 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-07-07 01:11:31 -------- d-----w- c:\program files\Conduit
2011-07-07 01:11:23 -------- d-----w- c:\documents and settings\hjh\application data\whitesmoketoolbar
2011-06-29 05:36:43 -------- d-----w- c:\program files\PhotoJoy
2011-06-29 05:36:43 -------- d-----w- c:\documents and settings\all users\application data\PhotoJoy
2011-06-29 05:29:08 -------- d-----w- c:\program files\ConduitEngine
2011-06-29 05:28:56 -------- d-----w- c:\program files\PhotoJoy_Bar
.
==================== Find3M ====================
.
2011-06-12 20:59:36 1291648 ----a-w- c:\windows\system32\PhotoJoy Screensaver.scr
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-12 18:45:12 64008 -csh--w- c:\windows\temp\srv1534.tmp
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y160P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87369439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8736f7d0]; MOV EAX, [0x8736f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8738FAB8]
3 CLASSPNP[0xF776405B] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005a[0x8733B2A0]
5 ACPI[0xF76DA620] -> nt!IofCallDriver[0x804E37D5] -> [0x873CB940]
\Driver\atapi[0x8738C960] -> IRP_MJ_CREATE -> 0x87369439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_6Y160P0__________________________YAR41BW0#3459543253314550202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8736927F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:19:17.71 ===============


The "Attach.txt" zip is also attached.

Please help, I don't know what to do next?

http://forums.spybot.info/showthread.php?p=399981#post399981
 
Last edited by a moderator:
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

You do have a lot of malware ,

Reply to this thread only by using the Submit reply and dont start any new topics, also post for this computer only, we cant work more than one computer per thread, when where done you can start a new topic for the other one.


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
TDSSKiller Log

Thanks for responding, Ken.

:oops:
You have actually helped me before....unfortunately, it appears that I left you hanging on the last thread. I did not mean to do that, and I am sorry to have not closed the tread properly :red:. We were successful, by the way....

....And now on with the case at hand.....

Here is the TDSSKiller Log:

2011/07/23 00:41:32.0062 3580 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 00:41:34.0078 3580 ================================================================================
2011/07/23 00:41:34.0078 3580 SystemInfo:
2011/07/23 00:41:34.0078 3580
2011/07/23 00:41:34.0078 3580 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/23 00:41:34.0078 3580 Product type: Workstation
2011/07/23 00:41:34.0078 3580 ComputerName: OFFICE
2011/07/23 00:41:34.0078 3580 UserName: hjh
2011/07/23 00:41:34.0078 3580 Windows directory: C:\WINDOWS
2011/07/23 00:41:34.0078 3580 System windows directory: C:\WINDOWS
2011/07/23 00:41:34.0078 3580 Processor architecture: Intel x86
2011/07/23 00:41:34.0078 3580 Number of processors: 1
2011/07/23 00:41:34.0078 3580 Page size: 0x1000
2011/07/23 00:41:34.0078 3580 Boot type: Normal boot
2011/07/23 00:41:34.0078 3580 ================================================================================
2011/07/23 00:41:35.0781 3580 Initialize success
2011/07/23 00:41:47.0109 1368 ================================================================================
2011/07/23 00:41:47.0109 1368 Scan started
2011/07/23 00:41:47.0109 1368 Mode: Manual;
2011/07/23 00:41:47.0109 1368 ================================================================================
2011/07/23 00:41:49.0234 1368 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/23 00:41:49.0359 1368 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/23 00:41:49.0750 1368 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/07/23 00:41:51.0000 1368 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/23 00:41:51.0156 1368 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/23 00:41:51.0359 1368 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/07/23 00:41:52.0187 1368 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/23 00:41:52.0296 1368 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/23 00:41:52.0437 1368 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/23 00:41:52.0593 1368 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/23 00:41:52.0812 1368 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/23 00:41:52.0890 1368 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/07/23 00:41:53.0000 1368 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/07/23 00:41:53.0125 1368 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/23 00:41:53.0218 1368 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/23 00:41:53.0328 1368 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/07/23 00:41:53.0406 1368 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/07/23 00:41:53.0484 1368 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/07/23 00:41:53.0718 1368 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/07/23 00:41:53.0968 1368 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/07/23 00:41:54.0093 1368 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/23 00:41:54.0171 1368 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/23 00:41:54.0312 1368 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/23 00:41:54.0421 1368 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/23 00:41:54.0500 1368 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/23 00:41:54.0968 1368 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/23 00:41:55.0109 1368 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/23 00:41:55.0281 1368 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/23 00:41:55.0375 1368 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/23 00:41:55.0453 1368 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/23 00:41:55.0578 1368 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/23 00:41:55.0703 1368 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/23 00:41:55.0796 1368 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/23 00:41:55.0890 1368 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/23 00:41:55.0984 1368 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/23 00:41:56.0078 1368 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/23 00:41:56.0156 1368 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/23 00:41:56.0234 1368 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/23 00:41:56.0609 1368 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/23 00:41:56.0703 1368 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/23 00:41:56.0859 1368 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/23 00:41:56.0984 1368 hpmmkbd (986128df235b8cb6df97766d375e4a26) C:\WINDOWS\system32\DRIVERS\hpmmkbd.sys
2011/07/23 00:41:57.0140 1368 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/23 00:41:57.0250 1368 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/23 00:41:57.0328 1368 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/23 00:41:57.0437 1368 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/23 00:41:57.0656 1368 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/23 00:41:57.0781 1368 ialm (bf5b9dbbee664f046e85c6b853af47de) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/23 00:41:57.0906 1368 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/23 00:41:58.0093 1368 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/23 00:41:58.0171 1368 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/23 00:41:58.0218 1368 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/23 00:41:58.0312 1368 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/23 00:41:58.0390 1368 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/23 00:41:58.0515 1368 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/23 00:41:58.0625 1368 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/23 00:41:58.0703 1368 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/23 00:41:58.0828 1368 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/23 00:41:58.0953 1368 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/23 00:41:59.0062 1368 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/23 00:41:59.0156 1368 kbfilter (bcd30b2adc6041acdf01e55183eae313) C:\WINDOWS\system32\drivers\kbfilter.sys
2011/07/23 00:41:59.0265 1368 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/23 00:41:59.0359 1368 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/23 00:41:59.0546 1368 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/23 00:41:59.0687 1368 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/23 00:41:59.0796 1368 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/23 00:41:59.0968 1368 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/23 00:42:00.0078 1368 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/23 00:42:00.0250 1368 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/23 00:42:00.0640 1368 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/23 00:42:00.0875 1368 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/23 00:42:01.0000 1368 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/23 00:42:01.0109 1368 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/23 00:42:01.0218 1368 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/23 00:42:01.0296 1368 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/23 00:42:01.0375 1368 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/23 00:42:01.0531 1368 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/23 00:42:01.0687 1368 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/23 00:42:01.0953 1368 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/23 00:42:02.0093 1368 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/23 00:42:02.0171 1368 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/23 00:42:02.0250 1368 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/23 00:42:02.0312 1368 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/23 00:42:02.0390 1368 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/23 00:42:02.0484 1368 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/23 00:42:02.0562 1368 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/23 00:42:02.0687 1368 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/23 00:42:02.0812 1368 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/23 00:42:02.0968 1368 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/23 00:42:03.0046 1368 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/23 00:42:03.0125 1368 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/23 00:42:03.0250 1368 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/07/23 00:42:03.0390 1368 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/23 00:42:03.0468 1368 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/23 00:42:03.0531 1368 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/23 00:42:03.0593 1368 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/23 00:42:03.0718 1368 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/23 00:42:03.0796 1368 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/23 00:42:04.0281 1368 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/23 00:42:04.0359 1368 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/23 00:42:04.0453 1368 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/23 00:42:04.0531 1368 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/23 00:42:04.0625 1368 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
2011/07/23 00:42:05.0000 1368 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/23 00:42:05.0437 1368 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/23 00:42:05.0578 1368 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/23 00:42:05.0671 1368 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/23 00:42:05.0781 1368 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/23 00:42:05.0875 1368 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/23 00:42:06.0031 1368 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/23 00:42:06.0140 1368 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/23 00:42:06.0265 1368 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/07/23 00:42:06.0421 1368 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/07/23 00:42:06.0531 1368 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/23 00:42:06.0734 1368 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/23 00:42:06.0859 1368 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/23 00:42:06.0937 1368 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/23 00:42:07.0031 1368 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/23 00:42:07.0218 1368 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/23 00:42:07.0375 1368 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/23 00:42:07.0625 1368 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/23 00:42:07.0718 1368 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/23 00:42:07.0843 1368 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/23 00:42:07.0984 1368 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/23 00:42:08.0093 1368 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/23 00:42:08.0171 1368 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/23 00:42:08.0281 1368 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/23 00:42:08.0640 1368 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/23 00:42:08.0765 1368 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/23 00:42:08.0906 1368 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/23 00:42:08.0984 1368 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/23 00:42:09.0078 1368 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/23 00:42:09.0203 1368 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/07/23 00:42:09.0359 1368 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/23 00:42:09.0531 1368 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/23 00:42:09.0703 1368 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/23 00:42:09.0796 1368 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/23 00:42:09.0921 1368 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/23 00:42:10.0000 1368 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/23 00:42:10.0078 1368 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/23 00:42:10.0156 1368 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/23 00:42:10.0218 1368 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/23 00:42:10.0281 1368 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/23 00:42:10.0359 1368 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/23 00:42:10.0437 1368 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/23 00:42:10.0671 1368 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
2011/07/23 00:42:10.0812 1368 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/23 00:42:11.0000 1368 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
2011/07/23 00:42:11.0125 1368 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
2011/07/23 00:42:11.0265 1368 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/23 00:42:11.0421 1368 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/23 00:42:11.0593 1368 WmBEnum (671db6a9b772b807721147c28faf760f) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/07/23 00:42:11.0671 1368 WmFilter (cffe18db8140b00335221907a694dd01) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/07/23 00:42:11.0781 1368 WmVirHid (2e17ea3b132963e3c07d50d68d2df54e) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/07/23 00:42:11.0859 1368 WmXlCore (0ece3bb49eb9ee42c411a0f1ec39dda9) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/07/23 00:42:11.0968 1368 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/23 00:42:12.0062 1368 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/23 00:42:12.0156 1368 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/23 00:42:12.0359 1368 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/07/23 00:42:12.0468 1368 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/07/23 00:42:12.0515 1368 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/23 00:42:12.0531 1368 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/23 00:42:12.0546 1368 Boot (0x1200) (5db5679ef3bfa001d31b1d46c462e9b6) \Device\Harddisk0\DR0\Partition0
2011/07/23 00:42:12.0578 1368 ================================================================================
2011/07/23 00:42:12.0578 1368 Scan finished
2011/07/23 00:42:12.0578 1368 ================================================================================
2011/07/23 00:42:12.0609 2288 Detected object count: 1
2011/07/23 00:42:12.0609 2288 Actual detected object count: 1
2011/07/23 00:43:16.0875 2288 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/23 00:43:16.0875 2288 \Device\Harddisk0\DR0 - ok
2011/07/23 00:43:16.0875 2288 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/23 00:43:24.0140 2032 Deinitialize success

What do we need to do next?

Thanks,
Brad (spot812)
 
Good Morning Brad,

Looks like TDSSKiller removed the rootkit, lets do this


Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
Malwarebytes Log

Here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7265

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/24/2011 5:44:50 PM
mbam-log-2011-07-24 (17-44-50).txt

Scan type: Quick scan
Objects scanned: 207217
Time elapsed: 28 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A3D586A-C7FE-456E-A9E2-F96EEAF0C7B6} (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A3D586A-C7FE-456E-A9E2-F96EEAF0C7B6} (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\antivirus antispyware 2011 (Rogue.AVAS2011) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\antivirus antispyware 2011\wegxxauds (Rogue.AVAS2011) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\antivirus antispyware 2011\2155.mof (Rogue.AVAS2011) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\antivirus antispyware 2011\wegxxauds\weeawlajds.cfg (Rogue.AVAS2011) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

:cool:

What's next?
 
With the seriousness of the infections and the amount that TDSSkiller and Malwarebytes removed, there is most likely more


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Combofix Log

Here is the Combofix Log:

ComboFix 11-07-27.03 - hjh 07/27/2011 19:42:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.595 [GMT -5:00]
Running from: c:\documents and settings\hjh\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\hjh\Application Data\Sun\mnj.dat
c:\program files\whitesmoketoolbar\vmNTemplatex.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_ITLPERF
-------\Legacy_SRV1534
-------\Service_6to4
-------\Service_Ias
-------\Service_itlperf
-------\Service_srv1534
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 00:25 . 2011-07-28 00:25 -------- d-----w- c:\documents and settings\hjh\Application Data\Avira
2011-07-24 21:04 . 2011-07-24 21:04 -------- d-----w- c:\documents and settings\hjh\Application Data\Malwarebytes
2011-07-24 21:03 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-24 21:03 . 2011-07-24 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-24 21:03 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-24 21:03 . 2011-07-24 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-17 12:50 . 2011-07-17 12:50 -------- d-----w- c:\program files\ERUNT
2011-07-17 12:02 . 2011-07-17 12:02 -------- d-----w- c:\program files\Common Files\Java
2011-07-17 11:58 . 2011-07-17 11:58 -------- d-----w- c:\documents and settings\hjh\Local Settings\Application Data\Conduit
2011-07-17 11:58 . 2011-07-17 11:58 -------- d-----w- c:\documents and settings\hjh\Application Data\vmntemplate
2011-07-17 11:58 . 2011-07-28 00:22 -------- d-----w- c:\documents and settings\hjh\Local Settings\Application Data\PhotoJoy_Bar
2011-07-17 09:02 . 2011-07-17 09:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-07 12:57 . 2011-07-07 12:58 -------- d-----w- c:\windows\system32\NtmsData
2011-07-07 03:30 . 2011-07-13 07:00 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-07 03:30 . 2011-07-13 07:00 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-07 03:30 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-07 03:30 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-07 03:30 . 2011-07-07 03:30 -------- d-----w- c:\program files\Avira
2011-07-07 03:30 . 2011-07-07 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-07-07 01:11 . 2011-07-07 01:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar
2011-07-07 01:11 . 2011-07-07 01:11 -------- d-----w- c:\program files\Conduit
2011-07-07 01:11 . 2011-07-07 01:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar
2011-07-07 01:11 . 2011-07-07 01:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2011-07-07 01:11 . 2011-07-17 11:59 -------- d-----w- c:\documents and settings\hjh\Application Data\whitesmoketoolbar
2011-06-29 05:36 . 2011-07-07 01:10 -------- d-----w- c:\program files\PhotoJoy
2011-06-29 05:36 . 2011-06-29 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoJoy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-12 20:59 . 2011-06-12 20:59 1291648 ----a-w- c:\windows\system32\PhotoJoy Screensaver.scr
2011-05-04 09:52 . 2010-06-14 02:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-06-14 02:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cf45c54f-801c-41b5-ac77-57f2bf418edc}"= "c:\program files\PhotoJoy_Bar\prxtbPhot.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cf45c54f-801c-41b5-ac77-57f2bf418edc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf45c54f-801c-41b5-ac77-57f2bf418edc}]
2011-01-17 21:54 175912 ----a-w- c:\program files\PhotoJoy_Bar\prxtbPhot.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{cf45c54f-801c-41b5-ac77-57f2bf418edc}"= "c:\program files\PhotoJoy_Bar\prxtbPhot.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cf45c54f-801c-41b5-ac77-57f2bf418edc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CF45C54F-801C-41B5-AC77-57F2BF418EDC}"= "c:\program files\PhotoJoy_Bar\prxtbPhot.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cf45c54f-801c-41b5-ac77-57f2bf418edc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\hjh\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus CX6600 Series on BOTES-LAPTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-05 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-13 155648]
"HpMmKbd"="c:\windows\system32\HpMmKbd.exe" [2002-02-08 147456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-13 114688]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNDY0NzczNzYwLVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMi1TUDErMS1TVVArNC1GTDEwKzEtVFVHKzMtU1AxUzQrMS1ERFQrMA&prod=90&ver=10.0.1382" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PhotoJoy"="c:\program files\PhotoJoy\bin\PhotoJoy.exe" [2011-06-12 1025408]
.
c:\documents and settings\hjh\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\hjh\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1772:UDP"= 1772:UDP:Windows Media Format SDK (wmplayer.exe)
"1870:UDP"= 1870:UDP:Windows Media Format SDK (wmplayer.exe)
"1894:UDP"= 1894:UDP:Windows Media Format SDK (wmplayer.exe)
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [3/28/2009 2:58 PM 11889]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2011 10:30 PM 136360]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 hpmmkbd;HP Extended Keyboard;c:\windows\system32\drivers\HPMMKBD.SYS [9/29/1999 10:40 AM 15924]
S2 gupdate1c9970c51c302ca;Google Update Service (gupdate1c9970c51c302ca);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 12:45 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 12:45 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/24/2011 4:03 PM 41272]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-25 17:40]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 05:45]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 05:45]
.
2011-07-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-07-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb31e56&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-UDC Integration - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-itlntfy - itlnfw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 20:00
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP00000019FDCD41ED54F16597
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-07-27 20:05:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-28 01:05
.
Pre-Run: 139,797,069,824 bytes free
Post-Run: 140,515,704,832 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BDB8F0B1360F1D5D1DBD5FF31D65851D


Something unexpected happened after combofix re-booted my machine. Although I had disabled Advir AntiVir, after the re-boot, if was enabled. It detected a virus and gave me the following dialogue:

DETECTED:
TR/KAZY.18771 in C:\windows\tmep\srv1534.tmp
ACCESS TO FILE WAS DENIED. PLEASE SELECT FURTHER ACTION
<<REMOVE>> <<DETAILS>>

I waited until combofix had completed and produced the log. Then I clicked on <<REMOVE>>. It looks like Advir deleted the file "C:\windows\tmep\srv1534.tmp", but I do not know what effect this had on combofix.

Other than that, combofix completed and produced the log included above.

Next? :D:
 
There are a few more things we need to remove but first I need you to go into Add Remove Programs in the Control Panel and see if you can uninstall these, let me know if you where successful or not.

c:\program files\PhotoJoy_Bar
c:\program files\ConduitEngine
Ask Toolbar

Open Malwarebytes , check for updates and run the quick scan again, Whitesmoke may be listed but not checked, check them and remove them all
 
Cleaning up

Hi Ken, here's what I just completed:

Unintstalled:
These uninstalled ok.
c:\program files\PhotoJoy_Bar
c:\program files\ConduitEngine


Ask Toolbar did not uninstall. Here is the error messages I got:
Error 1316 A.
Network error occured while attempting to read from file c:\windows\installer\ask.com

and

Fatal Error during installation

I ran Malwarebytes again. It did not find anything. Here is the latest log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7265

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/29/2011 11:05:31 PM
mbam-log-2011-07-29 (23-05-31).txt

Scan type: Quick scan
Objects scanned: 178925
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What's next?
 
Run this quick scan and lets see whats left to remove

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Oldtimer logs part 1 of 2

OTL.txt:

OTL logfile created on: 8/1/2011 6:33:49 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\hjh\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 500.67 Mb Available Physical Memory | 48.97% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 130.55 Gb Free Space | 85.52% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: hjh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Themes) -- File not found
SRV - (HidServ) -- File not found
SRV - (helpsvc) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV2_01) EPSON V3 Service2(03) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (kbfilter) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (hpmmkbd) -- C:\WINDOWS\system32\drivers\HPMMKBD.SYS (Hewlett-Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 75 D1 6D 6B 4E CC 01 [binary data]
IE - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb31e56&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/05 06:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 20:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 20:10:13 | 000,000,000 | ---D | M]

[2011/04/25 16:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Extensions
[2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions
[2011/04/25 16:03:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 01:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/13 21:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/17 07:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/02/05 14:35:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/04/16 13:25:48 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2011/06/14 15:02:51 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2009/02/09 13:58:27 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/02/09 13:58:27 | 000,001,932 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/07/27 19:59:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Auto EPSON Stylus CX6600 Series on BOTES-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] File not found
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HpMmKbd] C:\WINDOWS\System32\HpMmKbd.exe (Hewlett-Packard Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [PhotoJoy] File not found
O4 - HKU\S-1-5-18..\Run: [PhotoJoy] File not found
O4 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 13:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1202660629-1957994488-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 06:31:10 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
[2011/07/29 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/27 19:38:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/27 19:36:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/27 19:36:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/27 19:36:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/27 19:36:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/27 19:36:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/27 19:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Avira
[2011/07/27 19:24:46 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
[2011/07/24 16:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Malwarebytes
[2011/07/24 16:03:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/24 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/24 16:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/24 16:03:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/24 16:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\My Documents\My Videos
[2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\Start Menu\Programs\Administrative Tools
[2011/07/17 07:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/17 07:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/17 07:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/17 07:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Desktop\Inoculation
[2011/07/17 07:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/17 07:02:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/17 06:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit
[2011/07/17 06:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\vmntemplate
[2011/07/17 06:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar
[2011/07/17 06:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine
[2011/07/17 04:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/07/07 07:57:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/07/06 22:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/07/06 22:30:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/07/06 22:30:13 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/06 22:30:13 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/06 22:30:13 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/07/06 22:30:13 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/07/06 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\My Documents\Downloads
[2011/07/06 20:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar
[2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar
[2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/07/06 20:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
[2011/07/06 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 06:31:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
[2011/08/01 05:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 01:30:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/31 14:07:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/31 09:59:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 19:59:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 19:58:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 19:38:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/27 19:24:53 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
[2011/07/24 16:03:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/24 16:03:14 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 00:37:57 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\magicJack.lnk
[2011/07/23 00:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 22:32:00 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/17 09:26:23 | 000,004,019 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
[2011/07/17 07:50:24 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/17 07:50:13 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
[2011/07/17 04:05:27 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/13 02:00:36 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/13 02:00:36 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/07 10:35:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 22:31:00 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/07/06 20:35:43 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 19:38:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/27 19:38:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/27 19:36:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/27 19:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/27 19:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/27 19:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/27 19:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/24 16:03:15 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/24 16:03:14 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 22:32:02 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/17 22:32:00 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/17 22:32:00 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Internet Explorer.lnk
[2011/07/17 09:26:23 | 000,004,019 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
[2011/07/17 07:50:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/17 07:50:13 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
[2011/07/17 04:05:27 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/06 22:31:00 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/07/06 20:18:30 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
[2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\448fqp1244v2itbh10ux24jwrf07
[2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\448fqp1244v2itbh10ux24jwrf07
[2011/06/09 07:44:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/03 20:11:40 | 000,208,153 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/10/03 20:11:39 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2009/05/22 15:30:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2009/05/22 15:30:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2009/05/04 02:59:07 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2009/04/29 20:46:53 | 000,090,112 | ---- | C] () -- C:\WINDOWS\RSetupCE.exe
[2009/04/16 13:21:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/03 17:19:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/03/25 08:17:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/22 16:03:10 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2009/03/22 16:03:06 | 001,856,107 | ---- | C] () -- C:\WINDOWS\Treasure Planet.dat
[2009/03/22 16:03:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2009/03/22 11:48:06 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2009/03/22 11:48:06 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2009/03/22 11:42:27 | 000,000,194 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/03/22 10:12:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\fsplugin.ini
[2009/03/02 12:45:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/02/27 22:43:24 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/02/24 21:12:47 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2009/02/10 23:44:52 | 000,001,747 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/10 18:37:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/05 06:10:07 | 000,001,658 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/03 21:52:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/02/03 14:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/03 13:31:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/03 13:27:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/03 07:24:22 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2009/02/03 07:24:21 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2009/02/03 07:12:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/03 07:11:23 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 11:52:00 | 000,436,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 11:51:54 | 000,069,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 11:30:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/01/22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[2000/02/23 20:31:22 | 000,003,961 | ---- | C] () -- C:\WINDOWS\System32\HPKBDUNI.DAT
[1999/10/17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[1999/10/17 20:01:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20ENU(2).DLL

========== LOP Check ==========

[2011/06/27 06:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/14 17:55:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/17 05:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/03/03 05:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/10 15:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstalledPackages
[2009/03/04 05:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\livepim
[2010/08/24 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/07/06 20:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/05/05 09:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/02/10 21:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/16 00:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
[2010/10/03 21:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2009/03/15 16:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/17 05:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32}
[2009/05/11 13:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/17 12:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\AVG10
[2011/07/23 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\mjusbsp
[2011/07/17 06:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\vmntemplate
[2011/07/17 06:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
[2011/06/14 15:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
[2011/08/01 01:30:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
 
Oldtimer Logs part 2 of 2

Extras log:

OTL Extras logfile created on: 8/1/2011 6:33:49 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\hjh\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 500.67 Mb Available Physical Memory | 48.97% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 130.55 Gb Free Space | 85.52% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: hjh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1772:UDP" = 1772:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"1870:UDP" = 1870:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"1894:UDP" = 1894:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\hjh\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\hjh\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\PhotoJoy\Bin\PjApp.exe" = C:\Program Files\PhotoJoy\Bin\PjApp.exe:*:Enabled:PhotoJoy


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{465DE3B1-1207-4BBA-828A-0F3ABED81603}" = Treasure Planet: Battle at Procyon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = B44Inst
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2D45137-7631-4824-B285-52742329DE4B}" = Documents To Go
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Flatspace" = Flatspace (remove only)
"Google Updater" = Google Updater
"Heretic Kingdoms" = Heretic Kingdoms - The Inquisition
"Hewlett-Packard Extended Keyboard" = Hewlett-Packard Extended Keyboard
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageElements Picture Framer" = ImageElements Picture Framer
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x Driver Installer
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"LucasArts' TIE Fighter" = LucasArts' TIE Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Maximus XV (Demo)" = Maximus XV (Demo)
"MetalShard Game Engine" = MetalShard Game Engine
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Once Upon a Knight" = Once Upon a Knight
"Pocket Tunes" = Pocket Tunes 5.0.0
"Pocket War" = MetalShard Pocket War
"Product_Name" = Geneforge
"RealPlayer 6.0" = RealPlayer
"RiftSpace" = RiftSpace
"Shop for HP Supplies" = Shop for HP Supplies
"Space Hack Demo" = Space Hack Demo
"Star Wars Galaxy Screensaver_is1" = Star Wars Galaxy Screensaver
"Stickies 6.7a" = Stickies 6.7a
"SwitchSync Ex_is1" = SwitchSync Ex 4.6.1
"System47" = System47 Screen Saver
"Tachyon" = Tachyon
"TVAnts 1.0" = TVAnts 1.0
"Ultravnc2_is1" = UltraVNC 1.0.5
"Universal Document Converter_is1" = Universal Document Converter
"WeatherBug" = WeatherBug
"whitesmoketoolbar" = WhiteSmoke Toolbar
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2011 1:41:26 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/23/2011 2:39:00 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/24/2011 2:39:02 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/24/2011 5:04:33 PM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/25/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/26/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/27/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/29/2011 11:51:45 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

Error - 7/29/2011 11:52:46 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

Error - 7/29/2011 11:58:27 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

[ Application Events ]
Error - 7/23/2011 1:41:26 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/23/2011 2:39:00 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/24/2011 2:39:02 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/24/2011 5:04:33 PM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/25/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/26/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/27/2011 2:38:01 AM | Computer Name = OFFICE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/29/2011 11:51:45 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

Error - 7/29/2011 11:52:46 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

Error - 7/29/2011 11:58:27 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11316
Description = Product: Ask.com Toolbar -- Error 1316.A network error occurred while
attempting to read from the file C:\WINDOWS\Installer\Ask.com Toolbar.msi

[ System Events ]
Error - 7/29/2011 11:52:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/29/2011 11:52:57 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
 
Just some leftovers to remove


Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe







Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - Reg Error: Key error. File not found
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
[2009/04/16 13:25:48 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
O4 - HKU\.DEFAULT..\Run: [PhotoJoy] File not found
O4 - HKU\S-1-5-18..\Run: [PhotoJoy] File not found
[2011/07/29 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/17 06:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit
[2011/07/17 06:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar
[2011/07/17 06:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine
[2011/07/06 20:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar
[2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar
[2011/07/06 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/07/06 20:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
[2011/07/06 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
[2011/07/17 06:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar
[2011/06/14 15:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
Oldtimer RunFix Log and Run Scan Log

Here is the log produced after the RunFix:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
C:\Program Files\DNA\plugins\npbtdna.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoJoy deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoJoy not found.
C:\Program Files\Ask.com folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\Conduit folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar\CacheIcons folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\PhotoJoy_Bar folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Repository\conduit_ConduitEngine folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Repository folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\DetectedAppDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\DefualtImages folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs\AddedAppDialog folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine\Dialogs folder moved successfully.
C:\Documents and Settings\hjh\Local Settings\Application Data\ConduitEngine folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar\Logs folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\PhotoJoy_Bar folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar\Logs folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\PhotoJoy_Bar folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit folder moved successfully.
C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar\weather folder moved successfully.
C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar folder moved successfully.
Folder C:\Documents and Settings\hjh\Application Data\whitesmoketoolbar\ not found.
C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\hjh\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\hjh\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : comcast.net
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
C:\Documents and Settings\hjh\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\hjh\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\hjh\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\hjh\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.OFFICE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: hjh
->Temp folder emptied: 9075362 bytes
->Temporary Internet Files folder emptied: 6595999 bytes
->Java cache emptied: 432 bytes
->FireFox cache emptied: 81232949 bytes
->Flash cache emptied: 2747228 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9011334 bytes
->Flash cache emptied: 185898 bytes

User: NetworkService
->Temp folder emptied: 7952 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1712 bytes
->Flash cache emptied: 84418 bytes

User: Owner

%systemdrive% .tmp files removed: 14640 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42883 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 104.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08022011_061652

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\hjh\Local Settings\Temp\~DF5295.tmp not found!
File\Folder C:\Documents and Settings\hjh\Local Settings\Temp\~DFF429.tmp not found!
C:\Documents and Settings\hjh\Local Settings\Temporary Internet Files\Content.IE5\Z5DVG9XB\showthread[3].htm moved successfully.
C:\WINDOWS\temp\HPSLPSVC0000.log moved successfully.

Registry entries deleted on Reboot...

And the OTL and Extra logs after RunScan:

OTL.txt log:

OTL logfile created on: 8/2/2011 6:23:34 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\hjh\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 449.37 Mb Available Physical Memory | 43.95% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 130.48 Gb Free Space | 85.48% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: hjh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\HPMMKBD.EXE (Hewlett-Packard Corp.)
PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\hjh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Themes) -- File not found
SRV - (HidServ) -- File not found
SRV - (helpsvc) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV2_01) EPSON V3 Service2(03) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (kbfilter) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (hpmmkbd) -- C:\WINDOWS\system32\drivers\HPMMKBD.SYS (Hewlett-Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 75 D1 6D 6B 4E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb31e56&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/05 06:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 20:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 20:10:13 | 000,000,000 | ---D | M]

[2011/04/25 16:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Extensions
[2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions
[2011/04/25 16:03:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\hjh\Application Data\Mozilla\Firefox\Profiles\yuhqnjyz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/31 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 01:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/13 21:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/17 07:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/02/05 14:35:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/14 15:02:51 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2009/02/09 13:58:27 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/02/09 13:58:27 | 000,001,932 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/08/02 06:17:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus CX6600 Series on BOTES-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] File not found
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HpMmKbd] C:\WINDOWS\System32\HpMmKbd.exe (Hewlett-Packard Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 13:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 06:18:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/02 06:16:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/02 06:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Desktop\erunt
[2011/08/01 06:31:10 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
[2011/07/27 19:38:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/27 19:36:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/27 19:36:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/27 19:36:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/27 19:36:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/27 19:36:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/27 19:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Avira
[2011/07/27 19:24:46 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
[2011/07/24 16:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\Malwarebytes
[2011/07/24 16:03:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/24 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/24 16:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/24 16:03:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/24 16:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\My Documents\My Videos
[2011/07/17 09:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hjh\Start Menu\Programs\Administrative Tools
[2011/07/17 07:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/17 07:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/17 07:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/17 07:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Desktop\Inoculation
[2011/07/17 07:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/17 07:02:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/17 07:02:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/17 06:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\Application Data\vmntemplate
[2011/07/17 04:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/07/07 07:57:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/07/06 22:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/07/06 22:30:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/07/06 22:30:13 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/06 22:30:13 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/06 22:30:13 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/07/06 22:30:13 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/07/06 22:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/07/06 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hjh\My Documents\Downloads

========== Files - Modified Within 30 Days ==========

[2011/08/02 06:23:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/02 06:19:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/02 06:19:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 06:19:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 06:17:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/02 06:12:24 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\erunt.zip
[2011/08/02 05:59:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 06:31:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hjh\Desktop\OTL.exe
[2011/07/27 19:38:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/27 19:24:53 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\hjh\Desktop\ComboFix.exe
[2011/07/24 16:03:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/24 16:03:14 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 00:37:57 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\magicJack.lnk
[2011/07/23 00:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 22:32:00 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/17 09:26:23 | 000,004,019 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
[2011/07/17 07:50:24 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/17 07:50:13 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
[2011/07/17 04:05:27 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/13 02:00:36 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/13 02:00:36 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/07 10:35:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 22:31:00 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/07/06 20:35:43 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/02 06:12:16 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\erunt.zip
[2011/07/27 19:38:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/27 19:38:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/27 19:36:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/27 19:36:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/27 19:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/27 19:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/27 19:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/24 16:03:15 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/24 16:03:14 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 22:32:02 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/17 22:32:00 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\hjh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/17 22:32:00 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Internet Explorer.lnk
[2011/07/17 09:26:23 | 000,004,019 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\attach.zip
[2011/07/17 07:50:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\hjh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/17 07:50:13 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\ERUNT.lnk
[2011/07/17 04:05:27 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/06 22:31:00 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/07/06 20:18:30 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\hjh\Desktop\avira_antivir_personal_en.exe
[2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\448fqp1244v2itbh10ux24jwrf07
[2011/06/26 22:04:59 | 000,001,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\448fqp1244v2itbh10ux24jwrf07
[2011/06/09 07:44:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/03 20:11:40 | 000,208,153 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/10/03 20:11:39 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2009/05/22 15:30:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2009/05/22 15:30:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2009/05/04 02:59:07 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2009/04/29 20:46:53 | 000,090,112 | ---- | C] () -- C:\WINDOWS\RSetupCE.exe
[2009/04/16 13:21:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/03 17:19:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/03/25 08:17:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/22 16:03:10 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2009/03/22 16:03:06 | 001,856,107 | ---- | C] () -- C:\WINDOWS\Treasure Planet.dat
[2009/03/22 16:03:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2009/03/22 11:48:06 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2009/03/22 11:48:06 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2009/03/22 11:42:27 | 000,000,194 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/03/22 10:12:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\fsplugin.ini
[2009/03/02 12:45:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/02/27 22:43:24 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/02/24 21:12:47 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2009/02/10 23:44:52 | 000,001,747 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/10 18:37:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/05 06:10:07 | 000,001,658 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/03 21:52:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/02/03 14:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/03 13:31:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/03 13:27:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/03 07:24:22 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2009/02/03 07:24:21 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2009/02/03 07:12:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/03 07:11:23 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 11:52:00 | 000,436,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 11:51:54 | 000,069,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 11:30:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/01/22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[2000/02/23 20:31:22 | 000,003,961 | ---- | C] () -- C:\WINDOWS\System32\HPKBDUNI.DAT
[1999/10/17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[1999/10/17 20:01:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20ENU(2).DLL

< End of report >

I did not find an Extras.txt log from this scan. Should there be one?

The computer is running much, much better now.
I think we're winning the battle!
What's next..................?
 
Looking Good

Everything seems to be running great.

Thank you, so much, for your help, Ken.

I've almost always used trialware or shareware Anti-Virus protection, however it doesn't seem to be quite enough. I've always used SpyBot S&D, of course, along with whicheve flavor of Antivirus I am using, at the time.

It doesn't seem like any one program "does it all" so it takes a group of anti-virus, anti-malware, anti-spyware, programs etc. Could you make a suggestion of which programs you like to have on your own machines? Freeware is preferable, but I'd be happy to pay for shareware or "donation-ware" if I could be more confident it's catching the greatest amount of potential threats.

Other than that, it looks like we are done here. Please let me know if there are any last steps to be performed before we part company and go our seperate ways..............:bow: :wav: :rockon:
 
With Anti Virus, you just want one, more than one is overkill and can hamper system performance and cause all sorts of issues, just keep Avira, keep it updated and run a scan on a regular basis. Its a nice AV, keep it.

Spybot is also fine to keep.

Malwarebytes is the free version and yours to keep, you can upgrade to the Pro Version ( the cost is minamal..like under $25 I believe ) its just a one time fee, not yearly , the Pro Version includes a Protection Moduale, if you wander into a bad site, you will get a page not found and a pop up from Malwarebytes stating it block a potentially malicious site, but this of course is up to you.


  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


    CF-Uninstall.png



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups




Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 
Status
Not open for further replies.
Back
Top