Malwarebytes won't update or run


Have tried everything. Here's my OTL log. Thanks.

OTL logfile created on: 3/25/2012 10:40:15 AM - Run 2

OTL by OldTimer - Version 3.2.37.0 Folder = H:\Documents and Settings\Family\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.76% Memory free

4.83 Gb Paging File | 4.29 Gb Available in Paging File | 88.75% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive D: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive H: | 931.50 Gb Total Space | 555.75 Gb Free Space | 59.66% Space Free | Partition Type: NTFS

Drive J: | 1862.36 Gb Total Space | 1505.95 Gb Free Space | 80.86% Space Free | Partition Type: NTFS

Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- H:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012/03/15 10:30:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/21 08:21:12 | 000,429,040 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll

MOD - [2012/03/21 08:21:11 | 003,772,912 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll

MOD - [2012/03/21 08:19:37 | 000,122,880 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avutil-51.dll

MOD - [2012/03/21 08:19:35 | 000,220,672 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avformat-53.dll

MOD - [2012/03/21 08:19:34 | 001,747,456 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avcodec-53.dll

MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- H:\WINDOWS\system32\PDFreDirectMonNT.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () [Disabled | Stopped] -- H:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Family\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/03/25 09:56:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/02/03 12:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2010/01/06 05:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)

DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)

DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2003/07/16 12:05:32 | 000,001,247 | ---- | M] () [Kernel | System | Stopped] -- H:\Program Files\Land Desktop 2004\Land\changer.lsp -- (Changer)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {17DB2045-0C50-4102-BB7E-7D79B78F489D}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{17DB2045-0C50-4102-BB7E-7D79B78F489D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{11FC9A64-3DD3-4EE1-8330-843181AE3E5C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d19e2f1&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:35:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/06 09:24:36 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://search.avg.com/?d=4dde38c6&v=7.4.22.4&i=26&tp=ggl-chrome&q={searchTerms}

CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = h:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Unity Player (Enabled) = H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: AVG Safe Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Gmail = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Se&nd to OneNote - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - H:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell - "" = AutoRun

O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun\command - "" = K:\KODAK_Software_Downloader.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 10:28:54 | 000,594,432 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

[2012/03/16 15:41:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\Malwarebytes

[2012/03/16 15:41:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/16 15:41:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/03/16 15:41:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/16 15:41:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2012/03/16 15:41:12 | 000,000,000 | ---D | C] -- H:\Program Files\Malwarebytes' Anti-Malware

[2012/03/16 07:38:44 | 000,000,000 | RHSD | C] -- H:\cmdcons

[2012/03/16 07:35:59 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe

[2012/03/16 07:35:59 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe

[2012/03/16 07:35:59 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe

[2012/03/16 07:35:59 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe

[2012/03/16 07:35:53 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT

[2012/03/16 07:35:52 | 000,000,000 | --SD | C] -- H:\ComboFix

[2012/03/15 10:14:48 | 000,000,000 | ---D | C] -- H:\Qoobox

[2012/03/14 12:06:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\jorgen

[2012/03/13 08:06:54 | 000,000,000 | ---D | C] -- H:\WINDOWS\Minidump

[2012/03/12 23:32:24 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\ships

[2012/03/10 20:37:49 | 000,000,000 | ---D | C] -- H:\Malwarebytes

[2012/03/08 14:28:45 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- H:\WINDOWS\System32\drivers\mcdbus.sys

[2012/03/08 14:28:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicDisc

[2012/03/08 09:11:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicISO

[2012/03/06 15:29:46 | 000,000,000 | ---D | C] -- H:\Program Files\BitTorrent

[2012/03/06 15:28:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\BitTorrent

[2012/03/06 12:33:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2012/03/03 23:19:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\.minecraft

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/25 10:41:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/25 10:20:14 | 000,000,280 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job

[2012/03/25 10:20:13 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2012/03/25 10:20:13 | 000,000,288 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job

[2012/03/25 10:20:02 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\tasks\AutoKMS.job

[2012/03/25 10:19:53 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2012/03/25 09:56:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/03/25 09:56:39 | 000,000,802 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/03/25 09:56:39 | 000,000,784 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/25 09:13:46 | 092,621,341 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/03/25 00:49:56 | 000,278,561 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe

[2012/03/24 17:42:36 | 000,113,434 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns

[2012/03/23 18:04:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/03/21 14:23:14 | 000,505,612 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat

[2012/03/21 14:23:14 | 000,089,332 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat

[2012/03/20 22:24:43 | 000,246,024 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\doing it.rns

[2012/03/20 12:20:55 | 000,000,616 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk

[2012/03/18 17:12:32 | 000,290,434 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/03/18 14:10:47 | 000,262,826 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns

[2012/03/18 14:09:08 | 000,181,652 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns

[2012/03/16 14:36:27 | 000,188,633 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache

[2012/03/16 14:36:24 | 000,195,586 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache

[2012/03/16 14:29:43 | 000,000,036 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache

[2012/03/16 07:38:49 | 000,000,327 | RHS- | M] () -- H:\boot.ini

[2012/03/15 13:00:10 | 000,046,592 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/15 10:30:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

[2012/03/13 22:04:05 | 000,411,080 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/13 21:52:53 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK

[2012/03/12 11:02:39 | 000,008,143 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg

[2012/03/12 07:20:21 | 000,161,968 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns

[2012/03/10 10:11:43 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/03/09 19:04:37 | 000,001,021 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk

[2012/03/09 19:00:32 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk

[2012/03/09 00:01:24 | 000,133,884 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns

[2012/03/06 15:29:49 | 000,000,668 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2012/03/02 09:07:09 | 000,182,512 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns

[2012/03/01 00:29:44 | 000,208,056 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns

[2012/02/27 00:02:04 | 000,007,260 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\smakit.drp

[2012/02/25 18:32:45 | 000,174,150 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.rns

[2012/02/24 17:02:41 | 000,265,438 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\begin the nibeg.rns

[2012/02/24 17:01:05 | 000,181,822 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\stabacat.1.rns

[2012/02/24 11:06:18 | 000,157,288 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\groovydoob.rns

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 09:56:39 | 000,000,802 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/03/25 09:56:39 | 000,000,784 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/25 00:49:56 | 000,278,561 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe

[2012/03/24 17:42:36 | 000,113,434 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns

[2012/03/20 12:20:55 | 000,000,616 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk

[2012/03/19 22:43:26 | 000,246,024 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\doing it.rns

[2012/03/16 14:36:27 | 000,188,633 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache

[2012/03/16 14:36:24 | 000,195,586 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache

[2012/03/16 14:29:43 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache

[2012/03/16 07:38:49 | 000,000,210 | ---- | C] () -- H:\Boot.bak

[2012/03/16 07:38:46 | 000,260,272 | RHS- | C] () -- H:\cmldr

[2012/03/16 07:35:59 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe

[2012/03/16 07:35:59 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe

[2012/03/16 07:35:59 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe

[2012/03/16 07:35:59 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe

[2012/03/16 07:35:59 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe

[2012/03/12 11:02:51 | 000,008,143 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg

[2012/03/10 10:11:43 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/03/09 19:04:18 | 000,001,021 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk

[2012/03/09 00:26:15 | 000,262,826 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns

[2012/03/06 15:29:49 | 000,000,668 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2012/03/06 12:37:37 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk

[2012/03/02 10:56:21 | 000,181,652 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns

[2012/03/02 10:14:01 | 000,161,968 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns

[2012/03/01 00:42:20 | 000,182,512 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns

[2012/02/27 00:04:54 | 000,133,884 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns

[2012/02/27 00:02:04 | 000,007,260 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\smakit.drp

[2012/02/25 18:32:51 | 000,208,056 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns

[2012/02/24 20:10:50 | 000,174,150 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.rns

[2012/02/15 19:48:01 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll

[2012/02/14 13:47:00 | 000,331,263 | ---- | C] () -- H:\WINDOWS\LOOP.exe

[2011/09/01 15:27:54 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\prvlcl.dat

[2011/08/04 17:58:40 | 000,000,564 | ---- | C] () -- H:\WINDOWS\link32.INI

[2011/07/11 15:18:32 | 000,002,528 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\$_hpcst$.hpc

[2011/05/20 07:12:04 | 000,000,059 | ---- | C] () -- H:\WINDOWS\ANS2000.INI

[2011/05/20 07:12:04 | 000,000,020 | -H-- | C] () -- H:\WINDOWS\akebook.ini

[2011/05/20 07:12:04 | 000,000,004 | -H-- | C] () -- H:\WINDOWS\a3kebook.ini

[2011/02/28 13:25:30 | 000,053,299 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll

[2011/02/11 22:11:08 | 000,048,588 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat

[2011/02/03 11:51:41 | 000,046,592 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/05 00:18:14 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI

[2010/12/30 12:08:00 | 000,000,129 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat

[2010/12/30 11:56:05 | 000,112,410 | ---- | C] () -- H:\WINDOWS\hpoins07.dat

[2010/12/30 11:56:05 | 000,021,124 | ---- | C] () -- H:\WINDOWS\hpomdl07.dat

[2010/12/28 13:18:32 | 000,000,090 | ---- | C] () -- H:\WINDOWS\QBChanUtil_Trigger.ini

[2010/12/28 08:46:38 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\igfxCoIn_v4820.dll

[2010/12/28 08:34:30 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe

[2010/12/27 16:28:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat

[2010/12/27 16:24:54 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat

[2010/12/27 11:13:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI

[2010/12/27 11:12:49 | 000,411,080 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- H:\WINDOWS\System32\PDFreDirectMonNT.dll

========== LOP Check ==========

[2011/07/27 20:35:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Autodesk

[2011/11/08 23:41:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2012

[2010/12/28 13:18:31 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files

[2012/03/25 09:13:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData

[2010/12/28 13:18:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nuance

[2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PDF reDirect

[2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/12/28 13:24:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2011/01/05 09:00:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2011/01/05 08:55:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Western Digital

[2010/12/29 08:43:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/11 21:19:05 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}

[2011/01/12 07:14:46 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}

[2012/03/25 00:50:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.minecraft

[2011/07/27 20:43:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Autodesk

[2011/11/08 23:32:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\AVG2012

[2012/03/14 09:18:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\BitTorrent

[2011/10/20 10:13:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\ChessBase

[2011/01/23 23:13:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\dtband

[2011/08/18 22:04:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoft

[2011/03/13 22:00:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoftIEHelpers

[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\NetMedia Providers

[2010/12/30 11:43:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\OpenOffice.org

[2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PDF reDirect

[2011/12/27 12:57:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PhotoScape

[2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Propellerhead Software

[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Publish Providers

[2011/01/23 23:13:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\somototoolbar

[2010/12/28 14:24:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Sony

[2010/12/29 01:05:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Unity

[2012/03/06 15:25:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\uTorrent

[2011/01/05 08:55:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Western Digital

[2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\Tasks\AutoKMS.job

========== Purity Check ==========

< End of report >


Hello chefhop and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Follow the instructions here and then post the log file:

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434002


Manually delete your OTL, because it is an old program version.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 3/25/2012 11:46:33 AM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = H:\Documents and Settings\Family\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.31% Memory free

4.83 Gb Paging File | 4.30 Gb Available in Paging File | 88.97% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive D: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive H: | 931.50 Gb Total Space | 555.73 Gb Free Space | 59.66% Space Free | Partition Type: NTFS

Drive J: | 1862.36 Gb Total Space | 1505.95 Gb Free Space | 80.86% Space Free | Partition Type: NTFS

Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 11:44:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

PRC - [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- H:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/21 08:21:12 | 000,429,040 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll

MOD - [2012/03/21 08:21:11 | 003,772,912 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll

MOD - [2012/03/21 08:19:37 | 000,122,880 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avutil-51.dll

MOD - [2012/03/21 08:19:35 | 000,220,672 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avformat-53.dll

MOD - [2012/03/21 08:19:34 | 001,747,456 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avcodec-53.dll

MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- H:\WINDOWS\system32\PDFreDirectMonNT.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () [Disabled | Stopped] -- H:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Family\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/03/25 11:42:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/03/25 11:08:43 | 000,024,064 | ---- | M] () [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/02/03 12:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2010/01/06 05:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)

DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)

DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2003/07/16 12:05:32 | 000,001,247 | ---- | M] () [Kernel | System | Stopped] -- H:\Program Files\Land Desktop 2004\Land\changer.lsp -- (Changer)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {17DB2045-0C50-4102-BB7E-7D79B78F489D}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{17DB2045-0C50-4102-BB7E-7D79B78F489D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{11FC9A64-3DD3-4EE1-8330-843181AE3E5C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d19e2f1&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:35:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/06 09:24:36 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://search.avg.com/?d=4dde38c6&v=7.4.22.4&i=26&tp=ggl-chrome&q={searchTerms}

CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = h:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Unity Player (Enabled) = H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: AVG Safe Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Gmail = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Se&nd to OneNote - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - H:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell - "" = AutoRun

O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun\command - "" = K:\KODAK_Software_Downloader.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 11:46:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

[2012/03/16 15:41:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\Malwarebytes

[2012/03/16 15:41:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/16 15:41:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/03/16 15:41:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/16 15:41:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2012/03/16 15:41:12 | 000,000,000 | ---D | C] -- H:\Program Files\Malwarebytes' Anti-Malware

[2012/03/16 07:38:44 | 000,000,000 | RHSD | C] -- H:\cmdcons

[2012/03/16 07:35:59 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe

[2012/03/16 07:35:59 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe

[2012/03/16 07:35:59 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe

[2012/03/16 07:35:59 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe

[2012/03/16 07:35:53 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT

[2012/03/16 07:35:52 | 000,000,000 | --SD | C] -- H:\ComboFix

[2012/03/15 10:14:48 | 000,000,000 | ---D | C] -- H:\Qoobox

[2012/03/14 12:06:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\jorgen

[2012/03/13 08:06:54 | 000,000,000 | ---D | C] -- H:\WINDOWS\Minidump

[2012/03/12 23:32:24 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\ships

[2012/03/10 20:37:49 | 000,000,000 | ---D | C] -- H:\Malwarebytes

[2012/03/08 14:28:45 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- H:\WINDOWS\System32\drivers\mcdbus.sys

[2012/03/08 14:28:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicDisc

[2012/03/08 09:11:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicISO

[2012/03/06 15:29:46 | 000,000,000 | ---D | C] -- H:\Program Files\BitTorrent

[2012/03/06 15:28:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\BitTorrent

[2012/03/06 12:33:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2012/03/03 23:19:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\.minecraft

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/25 11:44:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

[2012/03/25 11:42:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/03/25 11:41:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/25 11:08:43 | 000,024,064 | ---- | M] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/03/25 10:20:14 | 000,000,280 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job

[2012/03/25 10:20:13 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2012/03/25 10:20:13 | 000,000,288 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job

[2012/03/25 10:20:02 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\tasks\AutoKMS.job

[2012/03/25 10:19:53 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2012/03/25 09:56:39 | 000,000,802 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/03/25 09:56:39 | 000,000,784 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/25 09:13:46 | 092,621,341 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/03/25 00:49:56 | 000,278,561 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe

[2012/03/24 17:42:36 | 000,113,434 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns

[2012/03/23 18:04:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/03/21 14:23:14 | 000,505,612 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat

[2012/03/21 14:23:14 | 000,089,332 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat

[2012/03/20 22:24:43 | 000,246,024 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\doing it.rns

[2012/03/20 12:20:55 | 000,000,616 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk

[2012/03/18 17:12:32 | 000,290,434 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/03/18 14:10:47 | 000,262,826 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns

[2012/03/18 14:09:08 | 000,181,652 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns

[2012/03/16 14:36:27 | 000,188,633 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache

[2012/03/16 14:36:24 | 000,195,586 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache

[2012/03/16 14:29:43 | 000,000,036 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache

[2012/03/16 07:38:49 | 000,000,327 | RHS- | M] () -- H:\boot.ini

[2012/03/15 13:00:10 | 000,046,592 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/13 22:04:05 | 000,411,080 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/13 21:52:53 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK

[2012/03/12 11:02:39 | 000,008,143 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg

[2012/03/12 07:20:21 | 000,161,968 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns

[2012/03/10 10:11:43 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/03/09 19:04:37 | 000,001,021 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk

[2012/03/09 19:00:32 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk

[2012/03/09 00:01:24 | 000,133,884 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns

[2012/03/06 15:29:49 | 000,000,668 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2012/03/02 09:07:09 | 000,182,512 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns

[2012/03/01 00:29:44 | 000,208,056 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns

[2012/02/27 00:02:04 | 000,007,260 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\smakit.drp

[2012/02/25 18:32:45 | 000,174,150 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.rns

[2012/02/24 17:02:41 | 000,265,438 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\begin the nibeg.rns

[2012/02/24 17:01:05 | 000,181,822 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\stabacat.1.rns

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 11:08:43 | 000,024,064 | ---- | C] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/03/25 09:56:39 | 000,000,802 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/03/25 09:56:39 | 000,000,784 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/25 00:49:56 | 000,278,561 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe

[2012/03/24 17:42:36 | 000,113,434 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns

[2012/03/20 12:20:55 | 000,000,616 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk

[2012/03/19 22:43:26 | 000,246,024 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\doing it.rns

[2012/03/16 14:36:27 | 000,188,633 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache

[2012/03/16 14:36:24 | 000,195,586 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache

[2012/03/16 14:29:43 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache

[2012/03/16 07:38:49 | 000,000,210 | ---- | C] () -- H:\Boot.bak

[2012/03/16 07:38:46 | 000,260,272 | RHS- | C] () -- H:\cmldr

[2012/03/16 07:35:59 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe

[2012/03/16 07:35:59 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe

[2012/03/16 07:35:59 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe

[2012/03/16 07:35:59 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe

[2012/03/16 07:35:59 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe

[2012/03/12 11:02:51 | 000,008,143 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg

[2012/03/10 10:11:43 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/03/09 19:04:18 | 000,001,021 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk

[2012/03/09 00:26:15 | 000,262,826 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns

[2012/03/06 15:29:49 | 000,000,668 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2012/03/06 12:37:37 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk

[2012/03/02 10:56:21 | 000,181,652 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns

[2012/03/02 10:14:01 | 000,161,968 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns

[2012/03/01 00:42:20 | 000,182,512 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns

[2012/02/27 00:04:54 | 000,133,884 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns

[2012/02/27 00:02:04 | 000,007,260 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\smakit.drp

[2012/02/25 18:32:51 | 000,208,056 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns

[2012/02/24 20:10:50 | 000,174,150 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.rns

[2012/02/15 19:48:01 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll

[2012/02/14 13:47:00 | 000,331,263 | ---- | C] () -- H:\WINDOWS\LOOP.exe

[2011/09/01 15:27:54 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\prvlcl.dat

[2011/08/04 17:58:40 | 000,000,564 | ---- | C] () -- H:\WINDOWS\link32.INI

[2011/07/11 15:18:32 | 000,002,528 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\$_hpcst$.hpc

[2011/05/20 07:12:04 | 000,000,059 | ---- | C] () -- H:\WINDOWS\ANS2000.INI

[2011/05/20 07:12:04 | 000,000,020 | -H-- | C] () -- H:\WINDOWS\akebook.ini

[2011/05/20 07:12:04 | 000,000,004 | -H-- | C] () -- H:\WINDOWS\a3kebook.ini

[2011/02/28 13:25:30 | 000,053,299 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll

[2011/02/11 22:11:08 | 000,048,588 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat

[2011/02/03 11:51:41 | 000,046,592 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/05 00:18:14 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI

[2010/12/30 12:08:00 | 000,000,129 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat

[2010/12/30 11:56:05 | 000,112,410 | ---- | C] () -- H:\WINDOWS\hpoins07.dat

[2010/12/30 11:56:05 | 000,021,124 | ---- | C] () -- H:\WINDOWS\hpomdl07.dat

[2010/12/28 13:18:32 | 000,000,090 | ---- | C] () -- H:\WINDOWS\QBChanUtil_Trigger.ini

[2010/12/28 08:46:38 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\igfxCoIn_v4820.dll

[2010/12/28 08:34:30 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe

[2010/12/27 16:28:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat

[2010/12/27 16:24:54 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat

[2010/12/27 11:13:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI

[2010/12/27 11:12:49 | 000,411,080 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- H:\WINDOWS\System32\PDFreDirectMonNT.dll

========== LOP Check ==========

[2011/07/27 20:35:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Autodesk

[2011/11/08 23:41:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2012

[2010/12/28 13:18:31 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files

[2012/03/25 09:13:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData

[2010/12/28 13:18:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nuance

[2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PDF reDirect

[2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/12/28 13:24:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2011/01/05 09:00:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2011/01/05 08:55:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Western Digital

[2010/12/29 08:43:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/11 21:19:05 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}

[2011/01/12 07:14:46 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}

[2012/03/25 00:50:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.minecraft

[2011/07/27 20:43:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Autodesk

[2011/11/08 23:32:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\AVG2012

[2012/03/14 09:18:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\BitTorrent

[2011/10/20 10:13:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\ChessBase

[2011/01/23 23:13:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\dtband

[2011/08/18 22:04:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoft

[2011/03/13 22:00:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoftIEHelpers

[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\NetMedia Providers

[2010/12/30 11:43:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\OpenOffice.org

[2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PDF reDirect

[2011/12/27 12:57:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PhotoScape

[2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Propellerhead Software

[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Publish Providers

[2011/01/23 23:13:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\somototoolbar

[2010/12/28 14:24:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Sony

[2010/12/29 01:05:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Unity

[2012/03/06 15:25:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\uTorrent

[2011/01/05 08:55:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Western Digital

[2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\Tasks\AutoKMS.job

========== Purity Check ==========

< End of report >

I did not get an extras.txt


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=10138&view=findpost&p=497675

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
