Need Help With Analyzing Log


  • This topic is locked
16 replies to this topic

#1 goatman1969

goatman1969

  • Members
  • 34 posts
  • OFFLINE
  • Local time:10:51 AM

Posted 13 February 2012 - 08:46 AM

My laptop is becoming increasingly slower. I run normal malware, spyware removers, but nothing seems to help. Can someone analyze my HijackThis log and see if there is anything in it. Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:07 AM, on 2/13/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://*.roxionow.com
O15 - Trusted Zone: http://*.sonic.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_96d42668\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_96d42668\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12815 bytes
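The HijackThis log above is a fixed-format listing (R0/R1, O2, O4, O15, O23 prefixes and so on). The following triage script is an added example, not part of the forum post and not HijackThis code: it parses the O2, O4, O15 and O23 line formats and returns the entries a reviewer would look at first. The sample input is constructed from lines in this log plus one hypothetical O4 entry (the AppData path) that exercises the user-writable-path check; the heuristics only surface entries for review and do not decide what is malicious.

```python
"""Review-triage for Trend Micro HijackThis v2 log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the thread's log, plus one hypothetical
# O4 entry ([updater] under AppData) that is NOT in the original log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updater] C:\Users\Nikki\AppData\Local\Temp\updater.exe
O15 - Trusted Zone: http://*.cinemanow.com
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
# Executable of a Run command: either the quoted token or the first ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)', re.IGNORECASE)

# Path fragments that an ordinary (non-admin) user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


@dataclass(frozen=True)
class Finding:
    section: str
    subject: str
    reason: str


def command_target(cmd: str) -> str:
    """Return the executable path from an O4 command line."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def is_system32(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\system32\\")


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            target = command_target(m["cmd"])
            if in_user_writable(target):
                findings.append(Finding("O4", m["name"],
                                        f"autorun launched from a user-writable path: {target}"))
        elif m := O15_RE.match(line):
            findings.append(Finding("O15", m["zone"],
                                    "site in the IE Trusted Zone gets relaxed security settings; "
                                    "confirm it was added on purpose"))
        elif m := O23_RE.match(line):
            if m["missing"] and is_system32(m["path"]):
                # 32-bit HijackThis runs under WOW64 on 64-bit Windows, where
                # System32 is redirected, so native 64-bit binaries show as
                # "file missing". Cross-check against a native listing (the
                # OTL SysNative paths later in this thread) before flagging.
                continue
            if m["missing"]:
                findings.append(Finding("O23", m["name"],
                                        f"service binary not found: {m['path']}"))
            elif m["owner"] == "Unknown owner" and not m["path"].lower().startswith("c:\\windows\\"):
                findings.append(Finding("O23", m["name"],
                                        f"no company name in version info, outside Windows: {m['path']}"))
        elif m := O2_RE.match(line):
            if in_user_writable(m["path"]):
                findings.append(Finding("O2", m["name"],
                                        f"browser helper object loaded from user-writable path: {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.subject}: {f.reason}")
```

Run as a script it prints the three flagged sample entries; everything else in the sample (signed vendor services, Program Files autoruns, the WOW64-redirected ALG entry) is left out of the findings.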


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:51 AM

Posted 18 February 2012 - 06:43 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:10:51 AM

Posted 19 February 2012 - 02:02 PM

etavares,
Thanks for the help. Posted below are the logs you requested:


OTL logfile created on: 2/19/2012 10:39:21 AM - Run 3
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Nikki.Morris-PC\Contacts\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 43.79% Memory free
7.71 Gb Paging File | 5.69 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.18 Gb Total Space | 160.70 Gb Free Space | 56.35% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS

Computer Name: MORRIS-PC | User Name: Nikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nikki.Morris-PC\Contacts\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_96d42668\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_96d42668\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (Agere Systems)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (nmraapache) -- C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\32D.tmp (Sophos Plc)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (pelmouse) -- C:\Windows\SysNative\DRIVERS\pelmouse.sys (Primax Electronics Ltd.)
DRV:64bit: - (pelusblf) -- C:\Windows\SysNative\DRIVERS\pelusblf.sys (Primax Electronics Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]

IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Morris\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/23 06:33:23 | 000,000,000 | ---D | M]

[2010/10/28 05:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/04/13 12:41:46 | 000,431,577 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14881 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D50C44-296C-4075-9F43-3242863730B1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3FC9B04-B582-4C6F-9982-BFF4E7B3699F}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^Users^Morris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk - C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe - (Sony Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: iXL_MiddleWare - hkey= - key= - C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe (Fisher-Price)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: nmapp - hkey= - key= - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
MsConfig:64bit - StartUpReg: nmctxth - hkey= - key= - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RoxioNowMediaManagerApp - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RTHDBPL - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig:64bit - StartUpReg: TSMAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: TVAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 10:37:42 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\OTL.exe
[2012/02/12 20:29:50 | 000,000,000 | ---D | C] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\uTorrent
[2009/06/07 10:17:58 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/19 10:40:51 | 000,050,477 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\Defogger.exe
[2012/02/19 10:37:49 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\OTL.exe
[2012/02/19 09:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/19 03:20:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/19 03:20:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 23:23:20 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/18 23:23:20 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/18 23:23:20 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/17 09:28:46 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 09:35:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/13 09:19:58 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/27 18:54:49 | 000,407,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/26 19:33:17 | 000,000,104 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer - Shortcut.lnk
[2012/01/22 13:09:34 | 000,062,086 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Documents\KYIEP2011.pdf
[2012/01/22 13:07:54 | 000,062,086 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\KYIEP2011.pdf
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/19 10:40:50 | 000,050,477 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\Defogger.exe
[2012/02/13 09:19:58 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/13 09:19:58 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/26 19:33:17 | 000,000,104 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer - Shortcut.lnk
[2012/01/22 13:09:34 | 000,062,086 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Documents\KYIEP2011.pdf
[2012/01/22 13:06:51 | 000,062,086 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\KYIEP2011.pdf
[2011/10/20 21:42:22 | 000,000,802 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Roaming\wklnhst.dat
[2011/09/14 11:11:24 | 000,077,379 | ---- | C] () -- C:\Windows\hpqins05.dat.temp
[2011/05/08 21:16:37 | 000,002,450 | ---- | C] () -- C:\Windows\esdraw.ini
[2011/05/08 21:16:13 | 000,002,411 | ---- | C] () -- C:\Windows\esdrawsa.ini
[2011/05/08 21:16:13 | 000,000,053 | ---- | C] () -- C:\Windows\esdrawkey.ini
[2011/04/09 10:17:12 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/01/12 10:20:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 10:20:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/12 10:20:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/12 10:20:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/12 10:20:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/07 21:59:07 | 000,000,120 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Local\Fyamoqoxevuqad.dat
[2011/01/07 21:59:07 | 000,000,000 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Local\Gboqiw.bin
[2010/01/22 19:08:09 | 000,016,384 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/12/10 11:17:47 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\AnvSoft
[2009/12/10 11:19:39 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Any Video Converter
[2010/10/20 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\AVG
[2010/10/28 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\AVG10
[2010/09/11 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/23 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/02/27 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Fisher-Price
[2009/10/01 21:05:31 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\FreeImageConverter
[2011/04/05 09:09:45 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\FrostWire
[2010/11/05 14:03:33 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\GARMIN
[2009/10/30 14:27:09 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Hewlett Packard
[2012/01/22 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\ICAClient
[2010/03/05 07:29:42 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\ieSpell
[2011/01/18 20:05:25 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Individual Software
[2011/08/04 13:35:21 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\IObit
[2011/01/11 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Logs
[2011/08/07 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\MP3Rocket
[2010/01/12 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\PeerNetworking
[2011/08/04 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Snapfish
[2009/05/03 23:39:52 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\Template
[2011/04/05 09:09:45 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\uTorrent
[2009/04/25 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Morris\AppData\Roaming\WildTangent
[2009/04/25 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\WildTangent
[2010/11/28 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/12/22 18:02:31 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\Fisher-Price
[2012/01/13 22:09:37 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\ICAClient
[2010/12/31 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\ieSpell
[2011/08/04 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\IObit
[2011/01/22 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\MP3Rocket
[2010/06/04 11:19:29 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\PlayFirst
[2011/08/02 13:43:30 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\Snapfish
[2011/10/20 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\Template
[2012/02/12 22:07:40 | 000,000,000 | ---D | M] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\uTorrent
[2012/02/13 09:35:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/29 08:47:33 | 000,022,528 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/08/18 23:03:00 | 000,193,867 | ---- | M] () -- C:\ComboFix.txt
[2012/02/17 09:28:46 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/06 21:13:41 | 000,359,256 | ---- | M] (Hewlett-Packard) -- C:\hpzids40.dll
[2010/05/30 11:30:22 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/02/17 09:28:42 | 042,876,927 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/03 00:11:36 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/03 00:11:36 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/03 00:11:36 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-19 14:01:41
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bff1e3
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{1e317c09-5637-11e0-a809-00235a2c1c8d}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{1e317c09-5637-11e0-a809-00235a2c1c8d}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{1e317c09-5637-11e0-a809-00235a2c1c8d}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-BC8A94AF.pf 19396 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 476 bytes

---- EOF - GMER 1.0.15 ----

#4 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 20 February 2012 - 08:40 AM

Hello, goatman1969.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site, and they may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove any that are there.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  • Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  • Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  • Click OK at the first message box.
  • Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  • Click OK.
  • Click Yes to create the new folder.
  • You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.


You'll get an error about ERUNT on every boot...just ignore it. It's not harmful and it will go away once we uninstall it when we no longer need the safety net.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" File not found
    O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" File not found
    O4 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    MsConfig:64bit - StartUpReg: RoxioNowMediaManagerApp - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: RTHDBPL - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4
    :files
    C:\Users\Nikki.Morris-PC\AppData\Local\Fyamoqoxevuqad.dat
    C:\Users\Nikki.Morris-PC\AppData\Local\Gboqiw.bin
    :commands
    [EmptyTemp]
    
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
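As an added example (not part of this thread, and not OTL's or BleepingComputer's own code), the Python helper below applies the same criteria the fix script in Step 2 relies on to OTL-format lines: autorun entries whose file is missing, toolbar entries with no CLSID, ActiveX DPF entries with registry errors, and alternate data streams. It also checks O1 Hosts lines and flags any entry that points a hostname somewhere other than a loopback or sinkhole address, which is the one kind of hosts entry that indicates a redirect rather than a block list. The sample lines are constructed from the format shown in this thread; the 10.0.0.5 entry and its hostname are made up so the hosts check has something to fire on, and the "14881 more lines..." marker is included to show that it is not mistaken for a real entry.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the OTL line format; the 10.0.0.5 line is invented
# so the hosts-redirect check has a positive case.
SAMPLE_LOG = r'''
O3 - HKU\S-1-5-21-916651007-1981763186-2707641320-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 14881 more lines...
O1 - Hosts: 10.0.0.5 update.example-av.invalid
'''


@dataclass
class Finding:
    kind: str    # category of the orphaned or suspicious entry
    detail: str  # the CLSID, autorun name, stream or hostname involved
    line: str    # the original log line


ENTRY_RE = re.compile(r"^(O\d+)(?::64bit:)? - (.*)$")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")


def is_sinkhole(ip: str) -> bool:
    """True for addresses that only blackhole a name: 127/8, ::1 or 0.0.0.0."""
    if ip == "0.0.0.0":
        return True
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if the line is benign."""
    m = ADS_RE.match(line)
    if m:
        return Finding("ads", m.group(2), line)
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            return None  # e.g. the "14881 more lines..." marker, not an entry
        if host != "localhost" and not is_sinkhole(ip):
            return Finding("hosts-redirect", f"{host} -> {ip}", line)
        return None
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    if section == "O3" and body.endswith("No CLSID value found."):
        c = CLSID_RE.search(body)
        return Finding("orphaned-toolbar", c.group(0) if c else body, line)
    if section == "O4" and body.endswith("File not found"):
        n = RUN_NAME_RE.search(body)
        return Finding("orphaned-autorun", n.group(1) if n else body, line)
    if section == "O16" and "Reg Error" in body:
        c = CLSID_RE.search(body)
        return Finding("broken-activex", c.group(0) if c else body, line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of an OTL log and keep only the findings."""
    results = []
    for raw in log_text.splitlines():
        f = classify(raw.strip())
        if f is not None:
            results.append(f)
    return results


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:18} {f.detail}")
    print(summarize(found))
```

Orphaned entries like these are usually leftovers of uninstalled software rather than infections, which is why the fix script simply deletes them; the hosts check is the one that deserves a closer look when it fires, because a non-loopback address for an update or security-vendor hostname is a classic redirect.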
 


#5 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:10:51 AM

Posted 20 February 2012 - 01:54 PM

etavares,

Thanks so much for the help. Below are the requested logs:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-916651007-1981763186-2707641320-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_USERS\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
Registry value HKEY_USERS\S-1-5-21-916651007-1981763186-2707641320-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_USERS\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RoxioNowMediaManagerApp\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RTHDBPL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WMPNSCFG\ not found.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== FILES ==========
C:\Users\Nikki.Morris-PC\AppData\Local\Fyamoqoxevuqad.dat moved successfully.
C:\Users\Nikki.Morris-PC\AppData\Local\Gboqiw.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Morris
->Temp folder emptied: 1317260333 bytes
->Temporary Internet Files folder emptied: 81040360 bytes
->Java cache emptied: 5615988 bytes
->Flash cache emptied: 57010 bytes

User: Nikki
->Temp folder emptied: 11081728 bytes

User: Nikki.Morris-PC
->Temp folder emptied: 851002 bytes
->Temporary Internet Files folder emptied: 70626658 bytes
->Java cache emptied: 687625 bytes
->Flash cache emptied: 58684 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1000448 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 639827 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 70287 bytes
RecycleBin emptied: 1179099 bytes

Total Files Cleaned = 1,421.00 mb


OTL by OldTimer - Version 3.2.33.0 log created on 02202012_090102

Files\Folders moved on Reboot...
C:\Users\Morris\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Nikki.Morris-PC\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Nikki.Morris-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYURYH8D\page__p__2595606__fromsearch__1[1].htm moved successfully.
C:\Users\Nikki.Morris-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\SysNative\32D.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\AESTAC64.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\AESTAR64.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\D78A.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\stapo64.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



OTL logfile created on: 2/20/2012 9:13:09 AM - Run 4
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Nikki.Morris-PC\Contacts\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 60.61% Memory free
7.68 Gb Paging File | 6.11 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.18 Gb Total Space | 160.54 Gb Free Space | 56.29% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 7.53 Gb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: MORRIS-PC | User Name: Nikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nikki.Morris-PC\Contacts\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_96d42668\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_96d42668\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (Agere Systems)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (nmraapache) -- C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\32D.tmp (Sophos Plc)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (pelmouse) -- C:\Windows\SysNative\DRIVERS\pelmouse.sys (Primax Electronics Ltd.)
DRV:64bit: - (pelusblf) -- C:\Windows\SysNative\DRIVERS\pelusblf.sys (Primax Electronics Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 89 3D F2 01 20 4B 1F 40 A6 EA 0A AF 20 00 02 D8 [binary data]

IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Morris\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/23 06:33:23 | 000,000,000 | ---D | M]

[2010/10/28 05:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/04/13 12:41:46 | 000,431,577 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14881 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - Startup: C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-916651007-1981763186-2707641320-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D50C44-296C-4075-9F43-3242863730B1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3FC9B04-B582-4C6F-9982-BFF4E7B3699F}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 09:01:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/20 08:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/20 08:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/19 18:07:28 | 000,000,000 | ---D | C] -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\New Folder
[2012/02/19 11:21:39 | 000,000,000 | ---D | C] -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\gmer
[2012/02/19 10:37:42 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\OTL.exe
[2012/02/12 20:29:50 | 000,000,000 | ---D | C] -- C:\Users\Nikki.Morris-PC\AppData\Roaming\uTorrent
[2012/01/27 18:23:19 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/27 18:23:14 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/27 18:23:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/27 18:23:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/27 18:23:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/27 18:23:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/27 18:23:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/27 18:23:06 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/27 18:23:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/27 18:23:05 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/27 18:23:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/27 18:23:05 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/27 18:23:04 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/27 18:23:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/27 18:23:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/27 18:23:04 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/27 18:23:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/27 18:23:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/27 18:23:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/27 18:23:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/27 18:23:03 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/27 18:23:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/27 18:23:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/27 18:23:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/27 18:23:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/27 18:22:55 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/27 18:22:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/27 18:22:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/27 18:22:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/27 18:22:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/27 18:22:34 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/27 18:22:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/27 18:22:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/27 18:22:26 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/27 18:22:25 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/27 18:22:24 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/01/27 18:22:23 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/01/27 18:22:21 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/27 18:22:18 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/27 18:22:17 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/27 18:22:17 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/27 18:22:16 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/27 18:22:12 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/27 18:22:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/27 18:22:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/27 18:22:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/27 18:22:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/27 18:21:55 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/27 18:21:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2009/06/07 10:17:58 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 09:14:51 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/20 09:14:51 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/20 09:14:51 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/20 09:08:12 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 09:08:12 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 09:08:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/20 09:07:58 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/20 09:06:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/20 08:56:12 | 000,000,943 | ---- | M] () -- C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/19 10:56:35 | 000,000,000 | ---- | M] () -- C:\Users\Nikki.Morris-PC\defogger_reenable
[2012/02/19 10:40:51 | 000,050,477 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\Defogger.exe
[2012/02/19 10:37:49 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\OTL.exe
[2012/02/13 09:19:58 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/27 18:54:49 | 000,407,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/26 19:33:17 | 000,000,104 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer - Shortcut.lnk
[2012/01/22 13:09:34 | 000,062,086 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Documents\KYIEP2011.pdf
[2012/01/22 13:07:54 | 000,062,086 | ---- | M] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\KYIEP2011.pdf
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 08:56:12 | 000,000,943 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/19 10:56:35 | 000,000,000 | ---- | C] () -- C:\Users\Nikki.Morris-PC\defogger_reenable
[2012/02/19 10:40:50 | 000,050,477 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\Defogger.exe
[2012/02/13 09:19:58 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/13 09:19:58 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/26 19:33:17 | 000,000,104 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer - Shortcut.lnk
[2012/01/22 13:09:34 | 000,062,086 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Documents\KYIEP2011.pdf
[2012/01/22 13:06:51 | 000,062,086 | ---- | C] () -- C:\Users\Nikki.Morris-PC\Contacts\Desktop\KYIEP2011.pdf
[2011/10/20 21:42:22 | 000,000,802 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Roaming\wklnhst.dat
[2011/09/14 11:11:24 | 000,077,379 | ---- | C] () -- C:\Windows\hpqins05.dat.temp
[2011/05/08 21:16:37 | 000,002,450 | ---- | C] () -- C:\Windows\esdraw.ini
[2011/05/08 21:16:13 | 000,002,411 | ---- | C] () -- C:\Windows\esdrawsa.ini
[2011/05/08 21:16:13 | 000,000,053 | ---- | C] () -- C:\Windows\esdrawkey.ini
[2011/04/09 10:17:12 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/01/12 10:20:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 10:20:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/12 10:20:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/12 10:20:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/12 10:20:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/22 19:08:09 | 000,016,384 | ---- | C] () -- C:\Users\Nikki.Morris-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
Nikki :: MORRIS-PC [administrator]

2/20/2012 9:31:09 AM
mbam-log-2012-02-20 (09-31-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226095
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Users\Nikki.Morris-PC\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application deleted -

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 20 February 2012 - 05:30 PM

Looking good...how is the ESET scan going?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts

Posted 20 February 2012 - 05:40 PM

The last portion of my last post was the results of the ESET scan. It found one thing and removed it. Here is another copy of it:

C:\Users\Nikki.Morris-PC\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application deleted -

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 21 February 2012 - 06:28 AM

Hello, goatman1969.

Sorry, I missed that. Nothing major in the logs. When is your computer slow?

Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 30 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions shown below:
    Java 6 Update 24
    Java 6 Update 26
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.


etavares


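As an added example (not from the thread, from OTL's author or from Oracle), the two Java versions to remove can be read straight off the O16 DPF lines of the OTL log posted earlier instead of being typed by hand: the Java plug-in registers one "static" CLSID per installed JRE with the version encoded in the GUID ({CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} is 1.6.0_24), while the all-F CLSID is the dynamic "newest JRE" entry and names no specific version. The sample input is reproduced from the log above; the target version tuple passed to outdated_versions is an assumption standing in for the release being installed.

```python
import re

# Sample input reproduced from the O16 (Downloaded Program Files / ActiveX)
# section of the OTL log posted in this thread.
SAMPLE_O16_LINES = """\
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
"""

# One O16 line: optional ":64bit:" tag, CLSID, download URL, display name in parentheses.
O16_RE = re.compile(
    r"^O16(?::64bit:)? - DPF: (?P<clsid>\{[0-9A-F-]+\}) (?P<url>\S+) \((?P<name>[^)]*)\)",
    re.IGNORECASE,
)

# Static Java plug-in CLSID: CAFEEFAC-<family>-<micro>-<update>-ABCDEFFEDCBA,
# e.g. family "0016" -> 1.6, micro "0000" -> 0, update "0024" -> 24.
JAVA_CLSID_RE = re.compile(
    r"\{CAFEEFAC-(?P<family>[0-9A-F]{4})-(?P<micro>[0-9A-F]{4})-(?P<update>[0-9A-F]{4})-ABCDEFFEDCBA\}",
    re.IGNORECASE,
)


def parse_o16(text):
    """Yield (clsid, url, name) for every O16 DPF line in an OTL log."""
    for line in text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            yield m.group("clsid").upper(), m.group("url"), m.group("name")


def decode_java_clsid(clsid):
    """Return (major, minor, micro, update) for a static Java CLSID, else None.

    The dynamic CAFEEFAC-FFFF-FFFF-FFFF CLSID and non-Java CLSIDs give None.
    """
    m = JAVA_CLSID_RE.fullmatch(clsid)
    if not m or m.group("family").upper() == "FFFF":
        return None
    fam = m.group("family")
    try:
        return (int(fam[2]), int(fam[3]), int(m.group("micro")), int(m.group("update")))
    except ValueError:  # digits outside 0-9 are not a static version CLSID
        return None


def installed_java_versions(text):
    """Distinct JRE versions registered as ActiveX plug-ins, oldest first."""
    found = {v for clsid, _url, _name in parse_o16(text) if (v := decode_java_clsid(clsid))}
    return sorted(found)


def outdated_versions(text, current):
    """JRE versions in the log that are strictly older than `current`."""
    return [v for v in installed_java_versions(text) if v < current]


def display_name(version):
    """Render (1, 6, 0, 24) the way Add/Remove Programs lists it: 'Java 6 Update 24'."""
    major, minor, _micro, update = version
    label = minor if major == 1 else major
    return f"Java {label} Update {update}"


if __name__ == "__main__":
    # (1, 6, 0, 29) is an assumed target standing in for the JRE being installed.
    for v in outdated_versions(SAMPLE_O16_LINES, (1, 6, 0, 29)):
        print("remove:", display_name(v))
```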


#9 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts

Posted 23 February 2012 - 07:33 AM

Computer is just normally slow when surfing the web. Seems like it takes forever for pages to load. I have another laptop and it works great. I just thought I may have picked up something that was slowing it down.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 23 February 2012 - 08:43 PM

Potentially. What browser are you using?




#11 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts

Posted 23 February 2012 - 09:27 PM

IE 8, with Windows Vista.

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 24 February 2012 - 06:04 PM

Go to Start --> All Programs --> Accessories --> System Tools --> Internet Explorer (no Add-ons)

Try browsing with that...is it still slow with no add-ons?




#13 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts

Posted 24 February 2012 - 06:57 PM

Seems like it helped some. Will I need any of the add-ons?

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 25 February 2012 - 09:06 AM

No, you don't need them, but you may want some of them.

In IE8, go to Tools --> Manage Add-ons. You'll see a list of add-ons (specifically Toolbars and Extensions)...right-click and select 'disable' for any you don't really need. You do want to keep Shockwave Flash Object and Microsoft Silverlight as many websites won't display properly without those. That will bring normal mode closer to the no add-on mode in terms of speed. You can also experiment and see which add-on is slowing down your browsing. It may be Flash...if so, uninstall it via Add/Remove Programs and then go to http://get.adobe.com/flashplayer/?promoid=BUIGP to download the current version.




#15 goatman1969

goatman1969
  • Topic Starter

  • Members
  • 34 posts

Posted 27 February 2012 - 03:22 PM

Thanks for all the help. It seems to be a little faster. It could also be time for an upgrade too.



