
Open Cloud Av

Discussion in 'Malware Removal Help' started by jacquefromla, Oct 4, 2011.

  1. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    I just noticed my MSE had turned orange down by the clock, so I clicked on it and it said it hadn't been updated in 7 days. It wasn't on the first try when I clicked the update tab, but after clicking around a bit I got the update to install tonight. I am running an MSE quick scan now that I got that updated manually, but Windows Security Alerts is still red because Automatic Updates is off.


    I did ERUNT.
    I did OTL but it did not reboot itself after... this is the log from step 2, Run Fix:

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\nA01602EgMcH01602 folder moved successfully.

    OTL by OldTimer - Version 3.2.31.0 log created on 10262011_000952
     
  2. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Step 2, run OTL scan - I see Ask.com on this log, but I swear it is not on my Add/Remove Programs list?


    OTL logfile created on: 10/26/2011 12:14:18 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.29 Mb Total Physical Memory | 71.62 Mb Available Physical Memory | 14.23% Memory free
    1.20 Gb Paging File | 0.57 Gb Available in Paging File | 47.25% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 128.04 Gb Free Space | 70.94% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
    Drive K: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.26% Space Free | Partition Type: FAT

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/24 10:59:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    PRC - [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/03/31 20:34:36 | 000,243,000 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\YspService.exe
    PRC - [2010/02/06 10:45:24 | 003,043,840 | ---- | M] (abelhadigital.com) -- C:\Program Files\HostsMan\hm.exe
    PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\common\YMailAdvisor.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/07/06 01:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2004/07/01 18:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/03/12 04:23:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/18 08:20:01 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/09/28 23:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/23 10:44:42 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko7\WINNT_x86-msvc\SSSLauncher.dll
    MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/04/13 17:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
    MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
    MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
    MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
    MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
    MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
    MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
    MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
    MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
    MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2004/03/18 23:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/25 23:51:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDAB53FA-DA6F-431C-90AD-4912678E0A44}\MpKsl06127d58.sys -- (MpKsl06127d58)
    DRV - [2006/12/20 04:01:08 | 000,094,848 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bsusbser.sys -- (bsusbser)
    DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2004/07/19 17:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2004/07/17 04:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2004/07/06 23:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/06/29 17:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D3F9D703-682F-4A54-B106-7D19FA44DD72}: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{D3F9D703-682F-4A54-B106-7D19FA44DD72}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 18:47:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 20:03:29 | 000,000,000 | ---D | M]

    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/10/25 10:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions
    [2010/07/06 09:14:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/04/16 14:16:08 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
    [2011/10/24 23:14:05 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2011/10/21 21:30:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/08/18 23:30:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/04/16 14:16:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
    [2011/10/25 11:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\staged
    [2011/10/16 12:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/16 12:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/10/16 12:46:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/16 12:46:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/25 09:12:46 | 000,000,056 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCA507B5-39ED-4482-9891-99716DCB2EC4}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/27 11:55:35 | 000,000,752 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/08/13 15:48:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/26 00:09:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/24 23:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\FireShot
    [2011/10/24 11:26:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
    [2011/10/24 10:59:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    [2011/10/20 20:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
    [2011/10/20 12:43:25 | 000,423,952 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\msgr11us.exe
    [2011/10/16 13:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/10/16 13:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/16 13:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2011/10/16 13:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/16 12:46:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/10/16 12:46:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/10/16 12:46:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/10/16 12:46:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\abelhadigital.com
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2011/10/16 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan
    [2011/10/16 12:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan
    [2011/10/11 13:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/10 18:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/10/10 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/10/08 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/08 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/10/08 18:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/10/08 11:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\WINDOWS
    [2011/10/08 11:44:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/08 11:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/10/06 23:32:56 | 000,000,000 | ---D | C] -- C:\Junction

    ========== Files - Modified Within 30 Days ==========

    [2011/10/26 00:07:05 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/26 00:06:27 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/26 00:06:18 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\NTREGOPT.lnk
    [2011/10/26 00:06:18 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
    [2011/10/26 00:04:02 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to erunt-setup.lnk
    [2011/10/25 23:22:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/25 23:07:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/25 09:12:46 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2011/10/25 08:20:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/25 08:16:31 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/10/25 08:15:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/24 11:29:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\MBR.dat
    [2011/10/24 11:26:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
    [2011/10/24 10:59:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    [2011/10/24 10:49:05 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2011/10/24 10:23:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/21 23:12:13 | 000,690,581 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\DSC02287.JPG
    [2011/10/20 20:07:57 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/10/20 20:07:57 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/10/20 12:43:20 | 000,423,952 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\msgr11us.exe
    [2011/10/19 12:56:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/18 08:20:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/10/17 21:11:20 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.ehm
    [2011/10/17 21:08:51 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
    [2011/10/16 13:32:29 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/16 12:46:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/10/16 12:46:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/10/16 12:46:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/10/16 12:46:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/10/16 12:46:19 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/10/15 23:31:23 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/14 14:08:30 | 000,024,876 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns3.jpg
    [2011/10/14 14:08:14 | 000,818,659 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns2.png
    [2011/10/14 14:07:54 | 000,032,799 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns1.jpg
    [2011/10/08 18:47:11 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/08 11:56:09 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/08 11:56:09 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/06 23:29:01 | 000,079,623 | ---- | M] () -- C:\Junction.zip

    ========== Files Created - No Company Name ==========

    [2011/10/26 00:06:27 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/26 00:04:34 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\NTREGOPT.lnk
    [2011/10/26 00:04:34 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
    [2011/10/26 00:04:02 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to erunt-setup.lnk
    [2011/10/24 11:29:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\MBR.dat
    [2011/10/24 10:49:05 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2011/10/22 21:21:52 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/20 20:07:57 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/10/20 20:07:56 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/10/16 13:32:29 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/16 13:18:29 | 000,818,659 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns2.png
    [2011/10/16 13:18:29 | 000,032,799 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns1.jpg
    [2011/10/16 13:18:29 | 000,024,876 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns3.jpg
    [2011/10/16 12:30:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/10/08 18:47:11 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/08 11:56:09 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/06 23:29:34 | 000,079,623 | ---- | C] () -- C:\Junction.zip
    [2011/03/31 23:27:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/06/12 18:44:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/08 01:20:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2010/02/25 18:43:07 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/22 09:58:35 | 000,007,337 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
    [2010/02/22 09:58:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/02/18 14:52:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2010/01/10 17:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/01/10 16:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/01/10 14:34:00 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2006/06/10 09:17:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/06/08 21:03:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/08/13 15:50:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
    [2005/08/13 15:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/13 15:46:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/13 15:46:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/13 15:46:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/05/19 11:08:56 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2005/02/27 11:28:59 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/02/19 00:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2004/10/14 14:22:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/08/16 14:09:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/16 14:09:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/16 14:08:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/16 14:08:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/16 14:08:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/16 14:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/16 14:08:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/16 14:07:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/08 08:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 14:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/08/07 14:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/07 14:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/08/07 14:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/08/07 14:33:31 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/08/07 14:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/08/07 14:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/08/07 14:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/07 13:50:45 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2004/08/07 13:50:45 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2004/08/07 13:33:07 | 000,089,028 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2004/08/07 13:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2004/08/07 13:24:38 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2004/08/07 13:24:38 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2004/08/07 13:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/07 13:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/08/07 12:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/08/07 12:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/08/07 12:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/08/07 12:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 12:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/07 12:01:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/07 11:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/07 11:47:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/07 11:47:05 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/07 11:47:05 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/07 11:46:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/07 04:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 04:54:52 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/07 18:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2004/02/27 17:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
    [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/23 10:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2003/01/23 10:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/24 18:38:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

    < End of report >
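Added example, not from this thread and not OldTimer's own OTL code: a small Python parser for the OTL file-entry lines posted above (the `[date time | size | attrs | C/M] (company) -- path` format) plus a few triage heuristics of the kind a responder applies when deciding which lines deserve a closer look (autostart locations, the hosts file, executables under profile data folders, hidden/system attributes, random-looking names). The sample lines are constructed from entries in this thread; the last one, an executable inside the nA01602EgMcH01602 folder that OTL moved earlier in the thread, is a constructed stand-in, and the flag rules are assumptions for illustration, not OTL's logic.

```python
"""Parse OTL 'Files Created / Modified' entries and flag the ones worth a second look."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file entry looks like:
#   [2011/10/26 00:06:27 | 000,000,778 | ---- | C] (Company) -- C:\path\file.ext
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>\S{4})"      # four attribute flags, e.g. ---- / -H-- / --S- / R---
    r" \| (?P<kind>[CM])\]"      # C = created, M = modified
    r" \((?P<company>[^)]*)\)"   # company name from the version resource, often empty
    r" -- (?P<path>.+?)\s*$"
)

# Heuristic markers (assumptions for this example, matched case-insensitively).
AUTOSTART_MARKERS = ("\\start menu\\programs\\startup\\", "\\windows\\tasks\\")
HOSTS_MARKER = "\\drivers\\etc\\hosts"
USER_DATA_MARKERS = ("\\application data\\", "\\local settings\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for headers/blank lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def looks_random(name: str) -> bool:
    """Noisy heuristic: a long stem mixing upper, lower and digits with no separators."""
    stem = name.rsplit(".", 1)[0]
    return (len(stem) >= 14
            and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem)
            and not any(sep in stem for sep in (" ", "-", "_")))


def triage(entry: OtlEntry) -> List[str]:
    """Reasons an entry should be prioritised for review; empty list means nothing stood out."""
    low = entry.path.lower()
    name = entry.path.rsplit("\\", 1)[-1]
    reasons = []
    if any(mk in low for mk in AUTOSTART_MARKERS):
        reasons.append("autostart location")
    if HOSTS_MARKER in low:
        reasons.append("hosts file touched")
    if low.endswith(EXEC_EXT) and any(mk in low for mk in USER_DATA_MARKERS):
        reasons.append("executable under a user profile data folder")
    if low.endswith(EXEC_EXT) and not entry.company:
        reasons.append("executable with no company name")
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append("hidden/system attribute")
    if looks_random(name):
        reasons.append("random-looking name")
    return reasons


def flag_entries(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a log fragment and return (path, reasons) for every entry that raised a reason."""
    return [(e.path, triage(e)) for e in parse_log(text) if triage(e)]


# Constructed sample: four lines taken from the thread, plus a made-up executable in the
# nA01602EgMcH01602 folder that stands in for the item OTL moved earlier.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/10/26 00:06:27 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/20 12:43:20 | 000,423,952 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\msgr11us.exe
[2011/10/17 21:08:51 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2011/10/22 21:21:52 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/05 19:41:00 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nA01602EgMcH01602\nA01602EgMcH01602.exe
"""

if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LOG):
        print(f"{path}\n    -> {', '.join(reasons)}")
```

The flags are a prioritisation aid, not a verdict: legitimate entries such as the ERUNT startup shortcut or the MSE scheduled scan trip the autostart rule too, which is exactly why a human reviews the short list rather than the whole log.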
     
  3. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Step 3 in process; will post the log when I get on my PC next.
     
  4. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    OK, I'll keep an eye out for the ESET Log.
     
  5. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    ESET scan

    C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP742\A0111187.exe probably a variant of Win32/Adware.Gamevance.BE application cleaned by deleting - quarantined
     
  6. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.
    Interesting...nothing wrong with that...just an inactive remnant of a past adware program. Let's bring out Combofix again.



    Step 1

    We need to run an OTL script.
    1. Please download OTL from one of the following mirrors if you do not still have it.
    2. Save it to your desktop.
    3. Double click on the [​IMG] icon on your desktop.
    4. Paste the following code under the Custom Scans/Fixes box at the bottom.
      Code:
      :OTL
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      
      
    5. Click the Run Fix button at the top.
    6. Let the program run unhindered and reboot when it is done.
    7. You will get a log when it is done, please post that in your reply.
    8. Please then create a new OTL report....
    9. Click the "Scan All Users" checkbox.
    10. Push the [​IMG] button.
    11. A report will open, copy and paste it in a reply here.



    Step 2



    Next, please download ComboFix from one of these locations:
    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on etavaresCF.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [​IMG]
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

    etavares
     
  7. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
     
  8. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    ComboFix 11-10-27.06 - HP_Owner 10/27/2011 17:59:31.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.122 [GMT -7:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Owner\Application Data\qaaQH66dW7fR9TXOpen Cloud AV.ico
    c:\documents and settings\HP_Owner\WINDOWS
    c:\documents and settings\Jacque2\WINDOWS
    c:\program files\msn\msncorefiles\copymar.exe
    c:\windows\help\tours\htmltour\unlock_playing.htm
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-27 16:10 . 2011-10-27 16:10 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2008D7B4-759D-46B1-A284-5DD2E944C96C}\MpKsl857ee6bd.sys
    2011-10-27 16:10 . 2011-10-27 16:10 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2008D7B4-759D-46B1-A284-5DD2E944C96C}\offreg.dll
    2011-10-26 17:21 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2008D7B4-759D-46B1-A284-5DD2E944C96C}\mpengine.dll
    2011-10-26 07:09 . 2011-10-26 07:09 -------- d-----w- C:\_OTL
    2011-10-25 06:22 . 2011-10-25 06:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\FireShot
    2011-10-16 20:31 . 2011-10-16 20:31 -------- d-----w- c:\program files\iPod
    2011-10-16 20:27 . 2011-10-16 20:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-10-16 20:26 . 2011-10-16 20:26 -------- d-----w- c:\program files\Bonjour
    2011-10-16 19:46 . 2011-10-03 09:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-16 19:06 . 2011-10-18 03:52 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\abelhadigital.com
    2011-10-16 19:06 . 2011-10-16 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\abelhadigital.com
    2011-10-16 19:05 . 2011-10-16 19:05 -------- d-----w- c:\program files\HostsMan
    2011-10-11 20:22 . 2011-10-11 20:22 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-10-11 01:16 . 2011-10-26 07:06 -------- d-----w- c:\program files\ERUNT
    2011-10-09 01:56 . 2011-10-16 20:32 -------- d-----w- c:\program files\iTunes
    2011-10-08 18:45 . 2011-10-08 18:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-08 18:07 . 2011-10-08 18:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-10-07 06:32 . 2011-10-08 18:44 -------- d-----w- C:\Junction
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-28 00:56 . 2010-02-18 22:28 60416 -c--a-w- c:\windows\ALCFDRTM.VER
    2011-10-18 15:20 . 2011-05-20 16:23 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:29 . 2011-10-07 06:29 79623 ----a-w- C:\Junction.zip
    2011-10-07 03:48 . 2011-08-09 09:16 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-03 12:06 . 2011-01-13 18:22 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2011-09-29 06:53 . 2011-05-29 18:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2004-08-04 12:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
    2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
    "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-02 73728]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-06 2550272]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
    .
    c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
    Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-7 16423]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 MpKsl857ee6bd;MpKsl857ee6bd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2008D7B4-759D-46B1-A284-5DD2E944C96C}\MpKsl857ee6bd.sys [10/27/2011 9:10 AM 28752]
    S1 MpKsl049efb00;MpKsl049efb00;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F607885-F432-49E0-AFCF-10442A397CCA}\MpKsl049efb00.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F607885-F432-49E0-AFCF-10442A397CCA}\MpKsl049efb00.sys [?]
    S1 MpKsl249fbd53;MpKsl249fbd53;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D8F8F72-D226-4045-80A6-4592A3B4E1E6}\MpKsl249fbd53.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D8F8F72-D226-4045-80A6-4592A3B4E1E6}\MpKsl249fbd53.sys [?]
    S1 MpKsl3cee1944;MpKsl3cee1944;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{037819EF-4BEA-41D9-9967-2E5B968F4363}\MpKsl3cee1944.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{037819EF-4BEA-41D9-9967-2E5B968F4363}\MpKsl3cee1944.sys [?]
    S1 MpKsl45223b5f;MpKsl45223b5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BB1A852-CF19-492C-97E8-37E0CB7C10E4}\MpKsl45223b5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BB1A852-CF19-492C-97E8-37E0CB7C10E4}\MpKsl45223b5f.sys [?]
    S1 MpKsl5e722e23;MpKsl5e722e23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B808906-70BA-48A0-8161-C5B55E75244D}\MpKsl5e722e23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B808906-70BA-48A0-8161-C5B55E75244D}\MpKsl5e722e23.sys [?]
    S1 MpKsl7724aec5;MpKsl7724aec5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202F7923-48F5-45BC-9B3E-7685C6F11198}\MpKsl7724aec5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202F7923-48F5-45BC-9B3E-7685C6F11198}\MpKsl7724aec5.sys [?]
    S1 MpKsle60d8728;MpKsle60d8728;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E56731-67B9-4D97-851C-3E533853BC8A}\MpKsle60d8728.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E56731-67B9-4D97-851C-3E533853BC8A}\MpKsle60d8728.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 3:16 PM 135664]
    S3 bsusbser;Basecom USB Adapter;c:\windows\system32\drivers\bsusbser.sys [12/20/2006 4:01 AM 94848]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 3:16 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL857EE6BD
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:16]
    .
    2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:16]
    .
    2011-10-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-27 18:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-10-27 18:11:11
    ComboFix-quarantined-files.txt 2011-10-28 01:11
    .
    Pre-Run: 138,608,111,616 bytes free
    Post-Run: 138,655,731,712 bytes free
    .
    - - End Of File - - 84AC41163264924347DD180F35751CA0
     
  9. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.

    Can you update now?



    Step 1



    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad and copy/paste the text in the codebox below into Notepad:

    Code:
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

    etavares
     
  10. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Well, it's finally able to download and install the updates; hopefully this log looks good to you.
    I regret ever admitting to recently downloading a torrent. I thought it might show up in the logs so I didn't hesitate to tell you. Sorry for the hassle, as this might be a record for trying to remove a bug off my PC. Thank you for your patience too.



    ComboFix 11-10-27.06 - HP_Owner 10/28/2011 10:58:50.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.175 [GMT -7:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-28 17:53 . 2011-10-28 17:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11B696E5-0081-41E6-B9C7-F7580D8D2E86}\MpKsldce2dcb1.sys
    2011-10-28 17:50 . 2011-10-28 17:50 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11B696E5-0081-41E6-B9C7-F7580D8D2E86}\offreg.dll
    2011-10-28 17:50 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11B696E5-0081-41E6-B9C7-F7580D8D2E86}\mpengine.dll
    2011-10-28 16:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-28 16:16 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-10-26 07:09 . 2011-10-26 07:09 -------- d-----w- C:\_OTL
    2011-10-25 06:22 . 2011-10-25 06:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\FireShot
    2011-10-16 20:31 . 2011-10-16 20:31 -------- d-----w- c:\program files\iPod
    2011-10-16 20:27 . 2011-10-16 20:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-10-16 20:26 . 2011-10-16 20:26 -------- d-----w- c:\program files\Bonjour
    2011-10-16 19:46 . 2011-10-03 09:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-16 19:06 . 2011-10-18 03:52 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\abelhadigital.com
    2011-10-16 19:06 . 2011-10-16 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\abelhadigital.com
    2011-10-16 19:05 . 2011-10-16 19:05 -------- d-----w- c:\program files\HostsMan
    2011-10-11 20:22 . 2011-10-11 20:22 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-10-11 01:16 . 2011-10-26 07:06 -------- d-----w- c:\program files\ERUNT
    2011-10-09 01:56 . 2011-10-16 20:32 -------- d-----w- c:\program files\iTunes
    2011-10-08 18:45 . 2011-10-08 18:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-08 18:07 . 2011-10-08 18:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-10-07 06:32 . 2011-10-08 18:44 -------- d-----w- C:\Junction
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-28 00:56 . 2010-02-18 22:28 60416 -c--a-w- c:\windows\ALCFDRTM.VER
    2011-10-18 15:20 . 2011-05-20 16:23 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:29 . 2011-10-07 06:29 79623 ----a-w- C:\Junction.zip
    2011-10-07 03:48 . 2011-08-09 09:16 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-03 12:06 . 2011-01-13 18:22 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2011-09-26 18:41 . 2011-09-26 18:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2004-08-16 21:08 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2004-08-16 21:08 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2004-08-07 18:46 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2004-08-07 18:47 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-22 23:48 . 2004-08-07 18:47 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-07 18:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-07 18:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-07 18:46 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2004-08-07 18:46 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2011-09-29 06:53 . 2011-05-29 18:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2004-08-04 12:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
    2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-28_01.08.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-28 17:02 . 2011-10-28 17:02 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
    - 2010-01-09 16:30 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
    + 2010-01-09 16:30 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    - 2004-08-07 18:47 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
    + 2009-03-08 12:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 12:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-16 21:08 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
    - 2011-02-14 18:38 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2011-02-14 18:38 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2004-08-16 21:08 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
    - 2004-08-07 18:47 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2011-02-14 18:38 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2011-02-14 18:38 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2011-07-08 21:00 . 2011-07-08 21:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2010-09-23 23:55 . 2010-09-23 23:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2011-07-07 19:04 . 2011-07-07 19:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2010-09-23 10:26 . 2010-09-23 10:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2010-09-23 10:26 . 2010-09-23 10:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-07-07 19:04 . 2011-07-07 19:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2010-09-23 10:26 . 2010-09-23 10:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2011-07-07 19:03 . 2011-07-07 19:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2011-07-07 20:09 . 2011-07-07 20:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2010-09-23 11:17 . 2010-09-23 11:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2010-09-23 11:17 . 2010-09-23 11:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2011-07-07 20:09 . 2011-07-07 20:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2004-08-07 21:17 . 2011-07-13 10:02 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2010-10-24 03:02 . 2011-04-22 09:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-10-24 03:02 . 2011-10-28 16:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 10240 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_29dea58e\VJSWfcBrowserStubLib.dll
    + 2011-10-28 16:41 . 2011-10-28 16:41 16896 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_09c7c76f\VJSWfcBrowserStubLib.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 32768 c:\windows\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_3e439e75\vjslibcw.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 69632 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_7636f52c\VJSharpCodeProvider.dll
    + 2011-10-28 16:41 . 2011-10-28 16:41 18432 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_426f027b\vjscor.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 20480 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_0eda052f\vjscor.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e6b49598\System.Drawing.Design.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c1fb36f0\CustomMarshalers.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-02-25 11:03 . 2011-02-25 11:03 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    - 2004-08-07 21:17 . 2011-07-13 10:02 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2004-08-07 18:47 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
    + 2004-08-07 18:47 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    - 2004-08-07 18:47 . 2009-03-08 12:34 105984 c:\windows\system32\url.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
    - 2004-08-07 18:47 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
    - 2004-08-07 18:47 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
    + 2009-03-08 12:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    - 2009-03-08 12:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-07 18:46 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    - 2004-08-07 11:54 . 2011-10-16 06:31 197752 c:\windows\system32\FNTCACHE.DAT
    + 2004-08-07 11:54 . 2011-10-28 17:02 197752 c:\windows\system32\FNTCACHE.DAT
    - 2004-08-07 18:59 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
    + 2004-08-07 18:59 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
    + 2004-08-07 18:47 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
    - 2004-08-07 18:47 . 2011-04-29 16:19 456320 c:\windows\system32\drivers\mrxsmb.sys
    + 2010-10-25 05:25 . 2011-04-18 20:18 165648 c:\windows\system32\drivers\MpFilter.sys
    - 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2004-08-07 18:47 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
    - 2004-08-07 18:47 . 2009-03-08 12:34 105984 c:\windows\system32\dllcache\url.dll
    + 2004-08-07 18:59 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
    - 2004-08-07 18:59 . 2008-04-14 00:13 139656 c:\windows\system32\dllcache\rdpwd.sys
    + 2004-08-16 21:08 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
    - 2004-08-07 18:47 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
    - 2004-08-07 18:47 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
    + 2011-02-14 18:38 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2011-02-14 18:38 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2010-01-09 16:26 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
    + 2010-01-09 16:26 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
    + 2011-02-14 18:38 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2011-02-14 18:38 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2011-02-14 18:38 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2011-02-14 18:38 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2004-08-07 18:46 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2004-08-07 18:46 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2004-08-07 18:46 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2011-09-09 09:12 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
    - 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
    + 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
    - 2010-09-23 10:26 . 2010-09-23 10:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-07-07 19:04 . 2011-07-07 19:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-07-07 19:01 . 2011-07-07 19:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2010-09-23 10:25 . 2010-09-23 10:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-07-07 20:09 . 2011-07-07 20:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2010-09-23 11:17 . 2010-09-23 11:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2011-10-28 16:17 . 2011-10-28 16:17 785920 c:\windows\Installer\1592f.msi
    + 2011-10-28 16:16 . 2011-10-28 16:16 483840 c:\windows\Installer\1590d.msi
    + 2011-10-28 16:15 . 2011-10-28 16:15 301056 c:\windows\Installer\15904.msi
    + 2004-08-07 21:17 . 2011-10-28 16:52 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2004-08-07 21:17 . 2011-10-28 16:52 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2004-08-07 21:17 . 2011-07-13 10:02 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2011-10-28 16:42 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
    + 2011-10-28 16:42 . 2009-03-08 12:34 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
    + 2011-10-28 16:42 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
    + 2011-10-28 16:42 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
    + 2011-10-28 16:42 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
    + 2011-10-28 16:42 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
    + 2011-10-28 15:58 . 2011-10-28 15:58 212992 c:\windows\ERDNT\AutoBackup\10-28-2011\Users\00000002\UsrClass.dat
    + 2011-10-28 15:58 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-28-2011\ERDNT.EXE
    - 2010-01-09 16:26 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2010-01-09 16:26 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2011-10-28 16:41 . 2011-10-28 16:41 155648 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_2a7dddf9\VJSharpCodeProvider.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b3c5e9b2\System.Drawing.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6b34a804\System.Drawing.Design.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_fb550001\CustomMarshalers.dll
    + 2004-08-07 18:47 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2004-08-07 18:47 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll
    + 2009-03-08 12:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    - 2009-08-14 13:21 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
    + 2009-08-14 13:21 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys
    + 2004-08-07 18:47 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-07 18:47 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll
    + 2011-02-14 18:38 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-07-08 20:59 . 2011-07-08 20:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2010-09-23 23:55 . 2010-09-23 23:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2010-09-23 23:55 . 2010-09-23 23:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-07-08 20:59 . 2011-07-08 20:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-07-07 19:02 . 2011-07-07 19:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2010-09-23 10:26 . 2010-09-23 10:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-07-07 19:02 . 2011-07-07 19:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2010-09-23 23:55 . 2010-09-23 23:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-07-08 20:59 . 2011-07-08 20:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-07-26 15:17 . 2011-07-26 15:17 6824960 c:\windows\Installer\2595a2.msp
    + 2011-09-20 22:36 . 2011-09-20 22:36 5521408 c:\windows\Installer\25958f.msp
    + 2011-10-28 16:42 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
    + 2011-10-28 16:42 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
    + 2011-10-28 16:42 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
    + 2011-10-28 15:58 . 2011-10-28 15:58 4661248 c:\windows\ERDNT\AutoBackup\10-28-2011\Users\00000001\ntuser.dat
    + 2011-10-28 16:40 . 2011-10-28 16:40 4468736 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_b1a6bc45\vjslib.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7a1aa547\System.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_38298145\System.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a8913510\System.Xml.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_78226186\System.Xml.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8ce25f6e\System.Windows.Forms.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_636d2ff5\System.Windows.Forms.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f15cb82a\System.Drawing.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bd2e093b\System.Design.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_65968414\System.Design.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e54e6c11\mscorlib.dll
    + 2011-10-28 16:40 . 2011-10-28 16:40 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dae02603\mscorlib.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2011-02-25 11:03 . 2011-02-25 11:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2011-02-25 11:03 . 2011-02-25 11:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-10-28 16:39 . 2011-10-28 16:39 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-04-17 10:03 . 2011-10-05 17:09 48324552 c:\windows\system32\MRT.exe
    - 2009-03-08 12:39 . 2011-04-26 17:11 11081728 c:\windows\system32\ieframe.dll
    + 2009-03-08 12:39 . 2011-08-24 00:48 11081728 c:\windows\system32\ieframe.dll
    - 2011-02-14 18:38 . 2011-04-26 17:11 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-02-14 18:38 . 2011-08-24 00:48 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-07-13 05:49 . 2011-07-13 05:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
    + 2011-10-28 16:53 . 2011-10-28 16:53 20333568 c:\windows\Installer\2595c1.msp
    + 2011-07-26 23:33 . 2011-07-26 23:33 10984448 c:\windows\Installer\2595b5.msp
    + 2011-07-12 22:50 . 2011-07-12 22:50 17555968 c:\windows\Installer\25957d.msp
    + 2011-10-28 16:42 . 2011-04-26 17:11 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
    + 2011-10-28 16:41 . 2011-10-28 16:41 12165120 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_83ca633c\vjslib.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
    "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-02 73728]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-06 2550272]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
    .
    c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
    Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-7 16423]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 MpKsl6efb4ceb;MpKsl6efb4ceb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB2C952B-DEBC-40CD-9E46-A54CE9457B1F}\MpKsl6efb4ceb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB2C952B-DEBC-40CD-9E46-A54CE9457B1F}\MpKsl6efb4ceb.sys [?]
    R1 MpKsldce2dcb1;MpKsldce2dcb1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11B696E5-0081-41E6-B9C7-F7580D8D2E86}\MpKsldce2dcb1.sys [10/28/2011 10:53 AM 28752]
    S1 MpKsl049efb00;MpKsl049efb00;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F607885-F432-49E0-AFCF-10442A397CCA}\MpKsl049efb00.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F607885-F432-49E0-AFCF-10442A397CCA}\MpKsl049efb00.sys [?]
    S1 MpKsl249fbd53;MpKsl249fbd53;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D8F8F72-D226-4045-80A6-4592A3B4E1E6}\MpKsl249fbd53.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D8F8F72-D226-4045-80A6-4592A3B4E1E6}\MpKsl249fbd53.sys [?]
    S1 MpKsl3cee1944;MpKsl3cee1944;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{037819EF-4BEA-41D9-9967-2E5B968F4363}\MpKsl3cee1944.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{037819EF-4BEA-41D9-9967-2E5B968F4363}\MpKsl3cee1944.sys [?]
    S1 MpKsl45223b5f;MpKsl45223b5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BB1A852-CF19-492C-97E8-37E0CB7C10E4}\MpKsl45223b5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BB1A852-CF19-492C-97E8-37E0CB7C10E4}\MpKsl45223b5f.sys [?]
    S1 MpKsl5e722e23;MpKsl5e722e23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B808906-70BA-48A0-8161-C5B55E75244D}\MpKsl5e722e23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B808906-70BA-48A0-8161-C5B55E75244D}\MpKsl5e722e23.sys [?]
    S1 MpKsl7724aec5;MpKsl7724aec5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202F7923-48F5-45BC-9B3E-7685C6F11198}\MpKsl7724aec5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202F7923-48F5-45BC-9B3E-7685C6F11198}\MpKsl7724aec5.sys [?]
    S1 MpKsl857ee6bd;MpKsl857ee6bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2008D7B4-759D-46B1-A284-5DD2E944C96C}\MpKsl857ee6bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2008D7B4-759D-46B1-A284-5DD2E944C96C}\MpKsl857ee6bd.sys [?]
    S1 MpKsle60d8728;MpKsle60d8728;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E56731-67B9-4D97-851C-3E533853BC8A}\MpKsle60d8728.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E56731-67B9-4D97-851C-3E533853BC8A}\MpKsle60d8728.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 3:16 PM 135664]
    S3 bsusbser;Basecom USB Adapter;c:\windows\system32\drivers\bsusbser.sys [12/20/2006 4:01 AM 94848]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 3:16 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLDCE2DCB1
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:16]
    .
    2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:16]
    .
    2011-10-28 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2011-10-28 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-28 11:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3128)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-10-28 11:16:15
    ComboFix-quarantined-files.txt 2011-10-28 18:16
    ComboFix2.txt 2011-10-28 01:11
    .
    Pre-Run: 137,738,121,216 bytes free
    Post-Run: 137,690,865,664 bytes free
    .
    - - End Of File - - 42CB9AC5887BD27F9E58E0C44416BD59
     
  11. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Unfortunately, threads have gone longer before. This is still beyond most. Torrents are very dangerous unless you know what computer you're connecting to on the other end and thoroughly trust it. Please run an OTL Quick Scan and post the log...there's still one line in there that CF couldn't remove, even with the script. Please also try to update MSE tomorrow and see if you're still able to update.
     
  12. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    OTL logfile created on: 10/29/2011 11:55:50 AM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.29 Mb Total Physical Memory | 143.89 Mb Available Physical Memory | 28.59% Memory free
    1.20 Gb Paging File | 0.72 Gb Available in Paging File | 59.70% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 128.12 Gb Free Space | 70.98% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.05% Space Free | Partition Type: FAT32
    Drive K: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.26% Space Free | Partition Type: FAT

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/27 17:17:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    PRC - [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/03/31 20:34:36 | 000,243,000 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\YspService.exe
    PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\common\YMailAdvisor.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/08/07 14:33:31 | 000,016,423 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    PRC - [2004/07/06 01:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2004/07/01 18:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/03/12 04:23:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/18 08:20:01 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/09/28 23:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/23 10:44:42 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko7\WINNT_x86-msvc\SSSLauncher.dll
    MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2004/08/07 14:33:31 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
    MOD - [2004/08/07 14:33:31 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
    MOD - [2004/08/07 14:33:31 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
    MOD - [2004/08/07 14:33:31 | 000,024,615 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\frext-309731.dll
    MOD - [2004/08/07 14:33:31 | 000,024,615 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll
    MOD - [2004/08/07 14:33:31 | 000,016,423 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    MOD - [2004/08/07 14:33:28 | 000,114,688 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll
    MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
    MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
    MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
    MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
    MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
    MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
    MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
    MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
    MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2004/03/18 23:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/29 11:24:38 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CE5D35D-9A2E-41D6-8C10-76748E25B726}\MpKsl9e9d7a7d.sys -- (MpKsl9e9d7a7d)
    DRV - [2006/12/20 04:01:08 | 000,094,848 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bsusbser.sys -- (bsusbser)
    DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2004/07/19 17:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2004/07/17 04:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2004/07/06 23:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/06/29 17:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D3F9D703-682F-4A54-B106-7D19FA44DD72}: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{D3F9D703-682F-4A54-B106-7D19FA44DD72}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 18:47:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 20:03:29 | 000,000,000 | ---D | M]

    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
    [2010/01/12 11:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/10/26 10:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions
    [2010/07/06 09:14:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/04/16 14:16:08 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
    [2011/10/24 23:14:05 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2011/10/26 10:15:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/08/18 23:30:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/04/16 14:16:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
    [2011/10/26 10:15:47 | 000,000,000 | ---D | M] (???????????? ?? ?????????? Logitech) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\DeviceDetection@logitech.com
    [2011/10/26 00:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/16 12:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/10/26 00:28:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/10/16 12:46:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/17 21:11:20 | 000,502,560 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14597 more lines...
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCA507B5-39ED-4482-9891-99716DCB2EC4}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/27 11:55:35 | 000,000,752 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/08/13 15:48:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/28 09:16:41 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [2011/10/27 17:56:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/10/27 17:56:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/10/27 17:56:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/10/27 17:56:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/10/27 17:55:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/27 17:54:12 | 004,274,254 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    [2011/10/26 00:36:15 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
    [2011/10/26 00:28:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/10/26 00:28:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/10/26 00:28:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/10/26 00:09:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/24 23:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\FireShot
    [2011/10/24 11:26:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
    [2011/10/24 10:59:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    [2011/10/20 20:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
    [2011/10/20 12:43:25 | 000,423,952 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\msgr11us.exe
    [2011/10/16 13:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/10/16 13:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/16 13:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2011/10/16 13:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/16 12:46:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\abelhadigital.com
    [2011/10/16 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2011/10/16 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan
    [2011/10/16 12:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan
    [2011/10/11 13:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/10 18:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/10/10 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/10/08 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/08 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/10/08 18:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/10/08 11:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2011/10/06 23:32:56 | 000,000,000 | ---D | C] -- C:\Junction

    ========== Files - Modified Within 30 Days ==========

    [2011/10/29 11:40:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/10/29 11:39:49 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/29 11:18:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/29 11:13:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/28 23:07:04 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/28 22:41:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/28 10:55:18 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Updates from HP.lnk
    [2011/10/28 10:55:17 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2011/10/28 10:02:09 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/28 09:53:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/28 09:17:39 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/10/27 17:56:22 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
    [2011/10/27 17:54:18 | 004,274,254 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    [2011/10/27 17:17:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
    [2011/10/26 12:56:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/26 00:35:53 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Owner\Desktop\esetsmartinstaller_enu.exe
    [2011/10/26 00:06:27 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/26 00:06:18 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\NTREGOPT.lnk
    [2011/10/26 00:06:18 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
    [2011/10/26 00:04:02 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to erunt-setup.lnk
    [2011/10/24 11:29:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\MBR.dat
    [2011/10/24 11:26:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
    [2011/10/24 10:23:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/21 23:12:13 | 000,690,581 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\DSC02287.JPG
    [2011/10/20 20:07:57 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/10/20 20:07:57 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/10/20 12:43:20 | 000,423,952 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\HP_Owner\Desktop\msgr11us.exe
    [2011/10/18 08:20:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/10/17 21:11:20 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2011/10/17 21:08:51 | 000,502,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
    [2011/10/16 13:32:29 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/14 14:08:30 | 000,024,876 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns3.jpg
    [2011/10/14 14:08:14 | 000,818,659 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns2.png
    [2011/10/14 14:07:54 | 000,032,799 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ns1.jpg
    [2011/10/08 18:47:11 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 14:05:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/08 11:56:09 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/08 11:56:09 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/06 23:29:01 | 000,079,623 | ---- | M] () -- C:\Junction.zip
    [2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/10/03 02:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

    ========== Files Created - No Company Name ==========

    [2011/10/28 10:55:18 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Updates from HP.lnk
    [2011/10/28 10:55:17 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    [2011/10/28 10:14:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/28 09:22:29 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/27 17:56:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/10/27 17:56:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/10/27 17:56:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/10/27 17:56:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/10/27 17:56:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/10/26 00:06:27 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/10/26 00:04:34 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\NTREGOPT.lnk
    [2011/10/26 00:04:34 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
    [2011/10/26 00:04:02 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to erunt-setup.lnk
    [2011/10/24 11:29:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\MBR.dat
    [2011/10/20 20:07:57 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/10/20 20:07:56 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/10/16 13:32:29 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/16 13:18:29 | 000,818,659 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns2.png
    [2011/10/16 13:18:29 | 000,032,799 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns1.jpg
    [2011/10/16 13:18:29 | 000,024,876 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ns3.jpg
    [2011/10/16 12:30:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/10/08 18:47:11 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/10/08 11:56:09 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/06 23:29:34 | 000,079,623 | ---- | C] () -- C:\Junction.zip
    [2011/03/31 23:27:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/06/12 18:44:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/08 01:20:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2010/02/25 18:43:07 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/22 09:58:35 | 000,007,337 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
    [2010/02/22 09:58:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/02/18 14:52:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2010/01/10 17:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/01/10 16:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/01/10 14:34:00 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/06/07 04:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2006/06/10 09:17:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/06/08 21:03:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/08/13 15:50:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
    [2005/08/13 15:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/13 15:46:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/13 15:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/13 15:46:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/13 15:46:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/05/19 11:08:56 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2005/02/27 11:28:59 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/02/19 00:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2004/10/14 14:22:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/08/16 14:09:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/16 14:09:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/16 14:08:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/16 14:08:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/16 14:08:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/16 14:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/16 14:08:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/16 14:07:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/08 08:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 14:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/08/07 14:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/07 14:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/08/07 14:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/08/07 14:33:31 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/08/07 14:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/08/07 14:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/08/07 14:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/07 13:50:45 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2004/08/07 13:50:45 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2004/08/07 13:33:07 | 000,089,028 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2004/08/07 13:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2004/08/07 13:24:38 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2004/08/07 13:24:38 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2004/08/07 13:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/07 13:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/08/07 12:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/08/07 12:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/08/07 12:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/08/07 12:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 12:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/07 12:01:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/07 11:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/07 11:47:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/07 11:47:05 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/07 11:47:05 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/07 11:46:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/07 04:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 04:54:52 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/07 18:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2004/02/27 17:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
    [2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/23 10:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2003/01/23 10:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/24 18:38:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

    ========== LOP Check ==========

    [2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2011/10/16 12:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2004/10/13 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
    [2005/02/13 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0205
    [2010/04/30 12:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/06/28 18:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/05/19 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/16 10:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/07 03:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacque2\Application Data\SampleView
    [2011/10/29 11:18:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >
     
  13. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Is MSE updating now? That log looks good.
     
  14. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    It's updating!!!!

    Thank you so much... how about the programs I've downloaded for this removal, which ones should I delete?
     
  15. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, jacquefromla.

    Great! We'll uninstall ComboFix and clean up OTL. After that, you can uninstall any program we used via Add/Remove Programs if it's listed there. If not, just delete it.


    Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



    Step 1



    Uninstall ComboFix and Clean Up
    Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
    Please advise if this step is missed for any reason as it performs some important actions.

    Download and Run OTC

    We will now remove the tools we used during this fix using OTC.
    • Download OTC by OldTimer and save it to your desktop.
    • If that link doesn't work, try this one.
    • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
    • Then click the big button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.

    If you ran Defogger and disabled your emulator, please don't forget to run it again and re-enable it. See the instructions here to do so.


    Optional Items

    Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon and select "Run As Administrator"; otherwise it won't work.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

    Protect yourself from malicious sites

    The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

    Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setup, follow these steps:
    1. Double-click the Downloaded installer and install the tool to a location of your choice
    2. Via the Startmenu, navigate to HostsMan and run the program.
      • Click "Hosts" in the menu
      • Click "Manage Updates" in the submenu
      • Select at least one of the three (I have MVPS Host as my main one)
      • Click "Add Update." After that, you will only need to click the update button to retrieve updates.
    3. Click the X to exit the program.
    4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Keep Windows Up to Date
    It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



    Update your AntiVirus Software

    It is imperative that you update your antivirus software at least once a week (more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


    Make sure your applications have all of their updates

    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

    Use a Firewall

    I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

    Install an AntiSpyware Program

    A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

    Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


    Update all these programs regularly
    Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

    Follow this list and your potential for being infected again will reduce dramatically.

    Good luck!

    etavares
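The HOSTS file section above explains that a blocklist-style Hosts file maps unwanted hostnames to a local sink address so the connection fails before it leaves the machine. The same file can also be abused the other way round, which is worth checking on a machine whose antivirus stopped updating: a hijacked entry points a security vendor's domain at an address the attacker controls. The script below is an added example, not part of etavares' post or of HostsMan; it parses Hosts-file syntax and separates legitimate block entries (sink addresses) from suspicious redirects of protected domains. The sample Hosts content and the list of protected domain suffixes are constructed for the example; the real file on this system is C:\WINDOWS\System32\drivers\etc\HOSTS.

```python
"""Audit a Windows HOSTS file: legitimate block entries vs. suspicious redirects.

Blocklists such as the one HostsMan installs map hostnames to a sink address
(0.0.0.0 or 127.0.0.1). Malware abuses the same file by mapping security
vendor domains to a non-sink address so updates and scans silently fail.
"""
import ipaddress
from typing import Dict, List, Tuple

# Sink addresses used by legitimate blocklists: a name mapped here is blocked.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Assumed watch-list for this example: names that should never be overridden
# in HOSTS on a machine running MSE and the tools used in this thread.
PROTECTED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "malwarebytes.org",
    "eset.com",
    "avast.com",
)

# Constructed sample HOSTS content (not taken from the forum log): a comment,
# the localhost line, three blocklist entries and two hijack-style entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.doubleclick.net
0.0.0.0  tracking.example.com   # blocklist entry
127.0.0.1  banner.example.net
203.0.113.7  update.microsoft.com
203.0.113.7  www.malwarebytes.org   download.eset.com
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first token is not an IP address
        for name in names:  # one line may list several hostnames
            entries.append((ip, name.lower()))
    return entries


def is_protected(hostname: str) -> bool:
    """True if hostname is, or is a subdomain of, a protected suffix."""
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Classify entries as 'blocked' (sink), 'hijacked' (protected -> non-sink) or 'other'."""
    result: Dict[str, List[Tuple[str, str]]] = {"blocked": [], "hijacked": [], "other": []}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            result["other"].append((ip, name))  # the stock Windows entry
        elif ip in SINK_ADDRESSES:
            result["blocked"].append((ip, name))
        elif is_protected(name):
            result["hijacked"].append((ip, name))
        else:
            result["other"].append((ip, name))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} blocked, {len(report['hijacked'])} hijacked")
    for ip, name in report["hijacked"]:
        print(f"HIJACK: {name} -> {ip}")
```

To audit the live file, read C:\WINDOWS\System32\drivers\etc\HOSTS into a string and pass it to audit_hosts(). Any entry in the "hijacked" list deserves a look before trusting the antivirus to update; a large "blocked" list pointing only at sink addresses is what a HostsMan-managed file looks like.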
     
