I hope this is not a duplicate but I sent this previously and don't see it.
F. Let's take this one first. IE and Firefox open fine. I can navigate the web, etc. Outlook, Office and iTunes are fine. I tried to open Google Chrome and the message about needing to close came up. Additionally, after I spent some additional time on the web, it seems something is still not right. Each and every time I do a search for something, the first time I click on any of the results I'm taken to some sort of advertising site. So it looks like the computer is not 100% free of problems.
A. Do you have any problems executing the instructions? No
Contents of the most recent MBAM log file: see below.
Contents of the OTL-fix.txt log file created after the OTL Fix Script run: see below.
Contents of the SystemLook.txt log file: see below.
Contents of the OTL.txt log file created after the OTL Standard scan: see below.
MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8323
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/6/2011 1:57:43 PM
mbam-log-2011-12-06 (13-57-43).txt
Scan type: Full scan (C:\|)
Objects scanned: 248983
Time elapsed: 32 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\AZ\local settings\Temp\2F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\Temp\~!#21.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\Temp\~!#23.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\Temp\~!#29.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.
OTL fix
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
========== FILES ==========
File\Folder C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-0A4036A9.pf not found.
C:\Documents and Settings\AZ\Cookies\az@searchqu[1].txt moved successfully.
C:\Documents and Settings\AZ\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\BZ\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\BZ\Application Data\searchqutoolbar\weather folder moved successfully.
C:\Documents and Settings\BZ\Application Data\searchqutoolbar\coupons folder moved successfully.
C:\Documents and Settings\BZ\Application Data\searchqutoolbar folder moved successfully.
C:\Documents and Settings\AZ\AppData\LocalLow\DataMngr folder moved successfully.
C:\Documents and Settings\BZ\AppData\LocalLow\DataMngr folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator.ANDREW-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Andrew
User: AZ
->Temp folder emptied: 1052187 bytes
->Temporary Internet Files folder emptied: 195699733 bytes
->Java cache emptied: 18469 bytes
->FireFox cache emptied: 38879057 bytes
->Flash cache emptied: 2743 bytes
User: BZ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 101960 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26190 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 225.00 mb
Error: Unable to interpret <[CREATERESTOREPOINTS]> in the current context!
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: Administrator.ANDREW-PC
->Flash cache emptied: 0 bytes
User: All Users
User: Andrew
User: AZ
->Flash cache emptied: 0 bytes
User: BZ
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: Administrator.ANDREW-PC
User: All Users
User: Andrew
User: AZ
->Java cache emptied: 0 bytes
User: BZ
->Java cache emptied: 0 bytes
User: Default User
User: LocalService
User: NetworkService
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_160042
Files\Folders moved on Reboot...
C:\Documents and Settings\AZ\Local Settings\Temporary Internet Files\Content.IE5\3XQK55NJ\results[1].htm moved successfully.
File move failed. C:\Documents and Settings\AZ\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
SystemLook
SystemLook 30.07.11 by jpshortstuff
Log created at 16:07 on 06/12/2011 by AZ
Administrator - Elevation successful
========== filefind ==========
Searching for "*Searchqu*"
C:\_OTL\MovedFiles\12042011_143259\C_DOCUME~1\AZ\LOCALS~1\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [06:34 12/07/2011] [06:34 12/07/2011] BDD9BB687211DB7604A64BCA36531350
C:\_OTL\MovedFiles\12062011_160042\C_Documents and Settings\AZ\Cookies\az@searchqu[1].txt --a---- 579 bytes [22:36 29/11/2011] [22:36 29/11/2011] FAF6FFAF4299741117CE35AE1A8F4D4B
Searching for "*datamngr*"
No files found.
========== folderfind ==========
Searching for "*Searchqu*"
C:\_OTL\MovedFiles\12062011_160042\C_Documents and Settings\AZ\Application Data\searchquband d------ [21:08 02/08/2011]
C:\_OTL\MovedFiles\12062011_160042\C_Documents and Settings\BZ\Application Data\searchquband d------ [21:32 12/09/2011]
C:\_OTL\MovedFiles\12062011_160042\C_Documents and Settings\BZ\Application Data\searchqutoolbar d------ [21:00 06/12/2011]
Searching for "*datamngr*"
C:\_OTL\MovedFiles\12062011_160042\C_Documents and Settings\AZ\AppData\LocalLow\DataMngr d------ [21:08 02/08/2011]
C:\_OTL\MovedFiles\12062011_160042\C_Documents and Settings\BZ\AppData\LocalLow\DataMngr d------ [21:32 12/09/2011]
========== Regfind ==========
Searching for "Searchqu"
No data found.
Searching for "datamngr"
No data found.
-= EOF =-
OTL Scan
OTL logfile created on: 12/6/2011 4:22:02 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\AZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
895.48 Mb Total Physical Memory | 423.11 Mb Available Physical Memory | 47.25% Memory free
2.12 Gb Paging File | 1.70 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 61.71 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
Computer Name: ANDREW-PC | User Name: AZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/04 14:19:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AZ\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/04/24 01:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
========== Modules (No Company Name) ==========
MOD - [2010/12/30 10:48:23 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Driver Services (SafeList) ==========
DRV - [2011/12/06 16:02:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{935D74D5-3065-4672-9124-68E95DDCAAD7}\MpKsl9cec545f.sys -- (MpKsl9cec545f)
DRV - [2011/12/06 13:59:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{935D74D5-3065-4672-9124-68E95DDCAAD7}\MpKsl46ef1d87.sys -- (MpKsl46ef1d87)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 11:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 11:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F B3 A7 67 4E B3 CC 01 [binary data]
IE - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 11:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/12 11:13:52 | 000,000,000 | ---D | M]
[2011/12/04 14:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AZ\Application Data\Mozilla\Extensions
[2011/12/04 14:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AZ\Application Data\Mozilla\Firefox\Profiles\yx8detvg.default\extensions
[2011/08/02 16:07:41 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\AZ\Application Data\Mozilla\Firefox\Profiles\yx8detvg.default\searchplugins\SearchResults.xml
[2011/12/04 15:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/13 07:49:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/13 07:49:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/13 07:49:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/02 16:07:41 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O1 HOSTS File: ([2011/07/09 13:25:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKU\S-1-5-21-1275210071-1604221776-839522115-1007..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-1604221776-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE038714-5CDA-49F1-A43C-B066D60146DF}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/23 19:56:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/06 13:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/06 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/06 12:52:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\AZ\Desktop\erunt-setup.exe
[2011/12/04 14:32:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/04 14:21:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AZ\Desktop\OTL.exe
[2011/11/29 18:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/29 18:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/11/29 17:39:12 | 000,000,000 | --SD | C] -- C:\zzz28210z
[2011/11/12 11:12:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AZ\Recent
========== Files - Modified Within 30 Days ==========
[2011/12/06 16:24:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 16:07:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/06 16:03:06 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 16:02:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/06 13:02:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\NTREGOPT.lnk
[2011/12/06 13:02:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\ERUNT.lnk
[2011/12/06 12:50:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\AZ\Desktop\erunt-setup.exe
[2011/12/06 11:11:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\Microsoft Office Outlook 2003.lnk
[2011/12/06 11:08:49 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\restore.vbs
[2011/12/06 10:58:35 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/04 15:45:39 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2011/12/04 15:43:42 | 000,109,046 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\ATT 1011-1111.pdf
[2011/12/04 15:41:00 | 000,108,740 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\ATT wireless 911-1011.pdf
[2011/12/04 15:38:31 | 000,102,248 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\ATT 911-1011.pdf
[2011/12/04 15:23:00 | 000,408,687 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\Comcast 2011-11-21_bill.pdf
[2011/12/04 14:19:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\SystemLook.exe
[2011/12/04 14:19:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AZ\Desktop\OTL.exe
[2011/12/03 13:49:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/02 09:34:27 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/01 10:54:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\Microsoft Office Word 2003.lnk
[2011/11/29 22:26:43 | 000,168,058 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\silicon project _2_.pdf
[2011/11/29 22:26:05 | 000,010,767 | ---- | M] () -- C:\Documents and Settings\AZ\Desktop\outbind 2-00000000C4FA11FF0739AB4491209FC2502EA629E4A02A00 .pdf
[2011/11/29 16:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 21:26:28 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/13 11:31:42 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/13 11:31:42 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2011/12/06 13:02:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\NTREGOPT.lnk
[2011/12/06 13:02:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\ERUNT.lnk
[2011/12/06 11:08:49 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\restore.vbs
[2011/12/04 15:43:40 | 000,109,046 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\ATT 1011-1111.pdf
[2011/12/04 15:40:59 | 000,108,740 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\ATT wireless 911-1011.pdf
[2011/12/04 15:38:29 | 000,102,248 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\ATT 911-1011.pdf
[2011/12/04 15:22:59 | 000,408,687 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\Comcast 2011-11-21_bill.pdf
[2011/12/04 14:21:40 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\SystemLook.exe
[2011/11/29 22:26:41 | 000,168,058 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\silicon project _2_.pdf
[2011/11/29 22:26:03 | 000,010,767 | ---- | C] () -- C:\Documents and Settings\AZ\Desktop\outbind 2-00000000C4FA11FF0739AB4491209FC2502EA629E4A02A00 .pdf
[2011/11/29 18:16:23 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/02 16:07:34 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/07/11 07:59:42 | 000,015,050 | -HS- | C] () -- C:\Documents and Settings\AZ\Local Settings\Application Data\fw3ij32ar784e3d2
[2011/07/11 07:59:42 | 000,015,050 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fw3ij32ar784e3d2
[2011/06/24 08:40:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 10:36:15 | 000,001,416 | -HS- | C] () -- C:\Documents and Settings\AZ\Local Settings\Application Data\ygy31p65xq2icc
[2011/06/04 10:36:15 | 000,001,416 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ygy31p65xq2icc
[2011/05/20 08:10:51 | 000,001,376 | -HS- | C] () -- C:\Documents and Settings\AZ\Local Settings\Application Data\h52x83l386po06s4q40er033a1tc4n1234a34ye07
[2011/05/20 08:10:51 | 000,001,376 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h52x83l386po06s4q40er033a1tc4n1234a34ye07
[2011/05/16 13:53:42 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\AZ\Local Settings\Application Data\3k6qy7jn2x21n
[2011/05/16 13:53:42 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3k6qy7jn2x21n
[2011/05/12 22:21:39 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\AZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 15:11:35 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\AZ\Local Settings\Application Data\prvlcl.dat
[2011/04/26 16:43:18 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18014004r
[2011/04/26 16:43:17 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18014004
[2011/04/26 16:43:11 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18014004
[2011/02/03 13:50:56 | 000,054,996 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/30 10:48:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/12/30 10:48:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/12/30 10:48:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/12/28 11:37:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/12/24 11:55:26 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/24 11:55:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/24 11:55:26 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/24 11:55:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/24 11:55:26 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/24 11:55:26 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/24 11:55:26 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/24 11:55:26 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/24 11:55:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/24 11:55:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/24 11:55:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/24 11:55:26 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/24 11:55:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/24 11:55:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/24 11:55:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/24 11:55:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/24 03:04:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/24 03:00:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/24 02:51:05 | 000,000,512 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/23 20:31:34 | 000,095,248 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010/12/23 20:31:33 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2010/12/23 20:21:07 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/12/23 20:21:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/12/23 19:57:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/23 19:54:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/23 13:45:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/23 13:45:10 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/31 04:03:00 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2004/09/24 02:55:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/09/22 14:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/11/26 16:10:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003/11/26 16:10:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 07:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 07:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
< End of report >