Jump to content

Recommended Posts

Last week I somehow picked up a typical false positive virus called XP Anti-Spyware 2011, which I was luckily able to remove with ease by doing a system restore. However, a few days ago I got one fairly similar called XP Anti-Virus, except this time it's much worse. Whenever I try to open nearly any program the pseudo virus scanner and security center windows open instead. Pretty much the only things that will open properly are Ad-Aware, my computer/my documents/etc, windows task manager, and the command window.

Malwarebytes will not open, nor will system restore. I have already done a virus scan using Ad-Aware, and although it removed 59 threats, it did not remove the virus. I have also tried installing a better anti-virus program using a disc but that also won't work. So, I was wondering if anyone has any idea as to how I can fix this without reformatting. I recently got a new computer and would really like to be able to keep things like pictures without the risk of contaminating the new one.

Thanks in advance!

Link to post
Share on other sites

Hello MelodyDoll! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Link to post
Share on other sites

Thank you very much for your reply!

DDS.txt log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by scotttracey84@msn.co at 16:11:42.26 on Thu 04/07/2011

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.47 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\scotttracey84@msn.co\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = About:Blank

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File

TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File

TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=313&nc_referer=&age=1&hiscore=&sp=0&questionSet=&r=8124624&&width=520&height=560&quality=high"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\scotttracey84@msn.co\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\documents and settings\scotttracey84@msn.co\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\scotttracey84@msn.co\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180927264065

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs:

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {29DF35CF-3441-40C1-A0C7-AA7BC21D6373} - rundll32.exe "c:\documents and settings\scotttracey84@msn.co\application data\sun\uvvnx03.dll", UnregisterDll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\scottt~1.co\applic~1\mozilla\firefox\profiles\fs2mge2n.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=2t8EZNIv&q=

FF - plugin: c:\documents and settings\scotttracey84@msn.co\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\scotttracey84@msn.co\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

.

---- FIREFOX POLICIES ----

user_pref(security.warn_viewing_mixed,false);

user_pref(security.warn_viewing_mixed.show_once,false);

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

user_pref(security.warn_submit_insecure,false);

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-19 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-6-4 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-19 243024]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cdiskdun;cdiskdun;\??\c:\docume~1\scottt~1.co\locals~1\temp\cdiskdun.sys --> c:\docume~1\scottt~1.co\locals~1\temp\cdiskdun.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2010-12-11 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2010-12-11 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2010-12-11 110464]

S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2010-12-11 104448]

S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2010-12-11 25344]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2010-12-11 100480]

S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2010-12-11 109952]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 npkycryp;npkycryp;\??\c:\program files\gravity\ro\npkycryp.sys --> c:\program files\gravity\ro\npkycryp.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2011-04-04 22:28:50 225805 --sha-w- c:\docume~1\scottt~1.co\locals~1\applic~1\paw.exe

2011-04-04 22:28:48 225805 --sha-w- c:\docume~1\scottt~1.co\locals~1\applic~1\wmw.exe

2011-04-03 23:52:45 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-03 23:52:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-14 17:00:07 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

.

==================== Find3M ====================

.

2011-02-11 20:41:17 16432 ----a-w- c:\windows\system32\lsdelete.exe

.

============= FINISH: 16:14:07.06 ===============

Attach.txt log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/31/2007 1:14:08 PM

System Uptime: 4/7/2011 4:08:03 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 097Ch

Processor: Intel® Pentium® 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 37 GiB total, 6.451 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\4&1117367&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&1117367&0

Service: i8042prt

.

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ROOT\MEDIA\0000

Manufacturer:

Name:

PNP Device ID: ROOT\MEDIA\0000

Service:

.

==== System Restore Points ===================

.

RP1033: 2/2/2011 4:22:47 PM - System Checkpoint

RP1034: 2/5/2011 8:42:48 AM - System Checkpoint

RP1035: 2/5/2011 8:35:57 PM - Installed HP USB Disk Storage Format Tool

RP1036: 2/8/2011 7:14:53 AM - System Checkpoint

RP1037: 2/9/2011 4:14:19 PM - System Checkpoint

RP1038: 2/10/2011 4:35:40 PM - System Checkpoint

RP1039: 2/13/2011 12:05:00 AM - System Checkpoint

RP1040: 2/14/2011 3:19:42 PM - System Checkpoint

RP1041: 2/15/2011 4:14:29 PM - System Checkpoint

RP1042: 2/17/2011 11:15:12 PM - System Checkpoint

RP1043: 2/19/2011 11:02:55 PM - System Checkpoint

RP1044: 2/21/2011 2:24:44 AM - System Checkpoint

RP1045: 2/22/2011 5:15:16 PM - System Checkpoint

RP1046: 2/23/2011 10:48:41 PM - Installed PC Inspector smart recovery

RP1047: 2/24/2011 6:42:36 PM - Installed BBC iPlayer Download Manager

RP1048: 2/26/2011 4:41:24 PM - System Checkpoint

RP1049: 2/27/2011 11:20:34 PM - System Checkpoint

RP1050: 3/1/2011 4:46:55 PM - Installed Adobe Photoshop Elements 7.0.

RP1051: 3/4/2011 3:19:10 PM - System Checkpoint

RP1052: 3/6/2011 8:17:56 AM - System Checkpoint

RP1053: 3/7/2011 3:26:33 PM - System Checkpoint

RP1054: 3/10/2011 7:12:32 AM - System Checkpoint

RP1055: 3/11/2011 7:18:48 AM - System Checkpoint

RP1056: 3/13/2011 2:06:18 PM - System Checkpoint

RP1057: 3/14/2011 11:56:27 AM - Avg Update

RP1058: 3/14/2011 11:58:49 AM - Avg Update

RP1059: 3/20/2011 3:37:14 PM - System Checkpoint

RP1060: 3/22/2011 8:31:33 PM - System Checkpoint

RP1061: 3/23/2011 9:05:12 PM - System Checkpoint

RP1062: 3/26/2011 5:15:01 PM - System Checkpoint

RP1063: 3/28/2011 7:37:58 AM - System Checkpoint

RP1064: 3/29/2011 9:14:24 PM - System Checkpoint

RP1065: 3/31/2011 7:47:43 PM - System Checkpoint

RP1066: 4/1/2011 8:07:17 PM - System Checkpoint

RP1067: 4/3/2011 12:26:43 AM - System Checkpoint

RP1068: 4/3/2011 7:46:15 PM - Restore Operation

RP1069: 4/3/2011 7:50:30 PM - Restore Operation

.

==== Installed Programs ======================

.

Ad-Aware

Adobe AIR

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop Elements 7.0

Adobe Reader 9.3.4

Adobe Setup

Adobe Shockwave Player 11

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

Audacity 1.2.6

AVG Free 9.0

BBC iPlayer Download Manager

Big Fish Games: Game Manager

BitTorrent

Bonjour

Broadcom Management Programs

Broadcom NetXtreme Ethernet Controller

Canon MP Navigator 2.0

Canon MP500

CardRecovery 5.30

CCleaner (remove only)

Diner Dash

Diner Dash 2 Restaurant Rescue

DivX Setup

DNA

Eraser 6.0.7.1893

Free Studio version 5.0.2

Greenfoot 2.0.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB958655-v2)

HP USB Disk Storage Format Tool

Intel® Graphics Media Accelerator Driver

iTunes

J2SE Runtime Environment 5.0 Update 3

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 20

Java SE Development Kit 6 Update 20

Java SE Runtime Environment 6 Update 1

KeyTweak - Keyboard Remapper (remove only)

LAME v3.98.3 for Audacity

LG Bluetooth Drivers

LG MC USB Modem driver

LG USB Modem Drivers

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher 2007

Microsoft Office Publisher 2007 Trial

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office XP Professional with FrontPage

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual C++ Run Time Lib Setup

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio Macro Tools

Microsoft Windows Application Compatibility Database

Microsoft Windows Journal Viewer

Microsoft WSE 3.0 Runtime

mIRC

Mozilla Firefox (3.6.16)

MSVCRT

MSXML 4.0 SP2 (KB927978)

Paint.NET v3.5.6

PC Inspector smart recovery

Polipo 1.0.4.1

QuickTime

Sansa Media Converter

Segoe UI

Skype

Link to post
Share on other sites

Step 1

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping AVG, so please uninstall Ad-Aware.

Step 2

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 3

Make sure you can see the extensions:

http://www.fileinfo.com/help/windows-show-extensions.html

Locate to C:\Program Files\Malwarebytes and rename mbam.exe to firefox.com .

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only

Link to post
Share on other sites

Steps 1 and 2 unfortunately did not work because the add/remove programs window would not launch (the pseudo virus scanner does instead). I also tried renaming mbam.exe to firefox.com but when I try to open it I receive the message "Run-time error '0'" in a window called vbAccelerator SGrid II Control, then when I click OK I receive the message "Run-time error '404': Automation error" in a window called Malwarebytes' Anti-Malware.

Link to post
Share on other sites

  • Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • -When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files

Link to post
Share on other sites

Sorry for the late reply! After running OTL I noticed something -- the virus did not appear to be present. To test it I tried opening programs like Malwarebytes and they worked, so I ended up doing what you told me to in your first post.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/11/2011 11:50:14 PM

mbam-log-2011-04-11 (23-50-14).txt

Scan type: Full scan (C:\|)

Objects scanned: 228191

Time elapsed: 1 hour(s), 39 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 6

Registry Data Items Infected: 3

Folders Infected: 6

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

c:\documents and settings\scotttracey84@msn.co\application data\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\errorsmart\registry backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\program files\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\program files\errorsmart\microsoft.vc80.mfc (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmoketranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\Tasks\errorsmart scheduled scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\Sun\cetw.txt (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\errorsmart\Log\2008 feb 23 - 08_59_30 pm_796.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\errorsmart\Log\2008 feb 23 - 09_00_46 pm_109.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\errorsmart\registry backups\2008-02-17_15-40-54.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmoketranslator\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

DDS log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by scotttracey84@msn.co at 0:15:46.84 on Tue 04/12/2011

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.92 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\scotttracey84@msn.co\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = About:Blank

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=313&nc_referer=&age=1&hiscore=&sp=0&questionSet=&r=8124624&&width=520&height=560&quality=high"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\scotttracey84@msn.co\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180927264065

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {29DF35CF-3441-40C1-A0C7-AA7BC21D6373} - rundll32.exe "c:\documents and settings\scotttracey84@msn.co\application data\sun\uvvnx03.dll", UnregisterDll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\scottt~1.co\applic~1\mozilla\firefox\profiles\fs2mge2n.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=2t8EZNIv&q=

FF - plugin: c:\documents and settings\scotttracey84@msn.co\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\scotttracey84@msn.co\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

.

---- FIREFOX POLICIES ----

user_pref(security.warn_viewing_mixed,false);

user_pref(security.warn_viewing_mixed.show_once,false);

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

user_pref(security.warn_submit_insecure,false);

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-19 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-6-4 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-19 243024]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cdiskdun;cdiskdun;\??\c:\docume~1\scottt~1.co\locals~1\temp\cdiskdun.sys --> c:\docume~1\scottt~1.co\locals~1\temp\cdiskdun.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2010-12-11 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2010-12-11 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2010-12-11 110464]

S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2010-12-11 104448]

S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2010-12-11 25344]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2010-12-11 100480]

S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2010-12-11 109952]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 npkycryp;npkycryp;\??\c:\program files\gravity\ro\npkycryp.sys --> c:\program files\gravity\ro\npkycryp.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2011-04-12 02:09:17 -------- d-----w- c:\docume~1\scottt~1.co\applic~1\Malwarebytes

2011-04-12 02:09:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-12 02:09:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-12 02:09:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-12 02:09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-08 11:23:34 -------- d-----w- c:\program files\Malwarebytes

2011-04-04 22:28:50 225805 --sha-w- c:\docume~1\scottt~1.co\locals~1\applic~1\paw.exe

2011-04-03 23:52:45 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-03 23:52:45 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-14 17:00:07 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

.

==================== Find3M ====================

.

.

============= FINISH: 0:16:30.92 ===============

And finally the OTL file:

OTL logfile created on: 4/12/2011 12:04:17 AM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\scotttracey84@msn.co\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 21.00% Memory free

845.00 Mb Paging File | 467.00 Mb Available in Paging File | 55.00% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 10.82 Gb Free Space | 29.04% Space Free | Partition Type: NTFS

Drive E: | 1.88 Gb Total Space | 0.56 Gb Free Space | 29.71% Space Free | Partition Type: FAT

Computer Name: LOCALCOMPUTER | User Name: scotttracey84@msn.co | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\scotttracey84@msn.co\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\scotttracey84@msn.co\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AresChatServer) -- File not found

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (npkcmsvc) -- C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)

DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)

DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)

DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)

DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (lgmcmdm) -- C:\WINDOWS\system32\drivers\lgmcmdm.sys (MCCI Corporation)

DRV - (lgmcunic) LGE Mobile USB WMC Ethernet ELDA (WDM) -- C:\WINDOWS\system32\drivers\lgmcunic.sys (MCCI Corporation)

DRV - (lgmcmgmt) LGE Mobile USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\lgmcmgmt.sys (MCCI Corporation)

DRV - (lgmcobex) -- C:\WINDOWS\system32\drivers\lgmcobex.sys (MCCI Corporation)

DRV - (lgmcnd5) LGE Mobile USB WMC Ethernet ELDA (NDIS) -- C:\WINDOWS\system32\drivers\lgmcnd5.sys (MCCI Corporation)

DRV - (lgmcmdfl) -- C:\WINDOWS\system32\drivers\lgmcmdfl.sys (MCCI Corporation)

DRV - (lgmcbus) LGE Mobile driver (WDM) -- C:\WINDOWS\system32\drivers\lgmcbus.sys (MCCI Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = About:Blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:2.01

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5

FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=2t8EZNIv&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/12/17 19:10:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 16:36:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/12 21:36:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 22:19:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 22:19:46 | 000,000,000 | ---D | M]

[2010/06/10 20:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Extensions

[2010/06/10 20:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/05 12:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2011/04/03 20:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\extensions

[2010/10/08 15:26:59 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2010/11/19 23:42:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011/03/27 13:17:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/02/24 19:02:34 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

[2011/02/24 18:42:10 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\extensions\foxyproxy@eric.h.jung

[2011/03/04 21:48:03 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Mozilla\Firefox\Profiles\fs2mge2n.default\searchplugins\google-search.xml

[2011/04/03 20:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/03/24 07:56:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/10 20:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2010/05/12 21:37:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/05/12 21:36:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/24 07:56:17 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2011/03/24 07:56:17 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2008/11/24 15:35:00 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2010/05/12 21:36:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011/03/24 07:56:27 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2011/01/24 08:19:26 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/07/24 22:33:02 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/07/24 22:33:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/07/24 22:33:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/24 22:33:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2011/03/04 21:48:03 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

[2010/07/24 22:33:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/07/24 22:33:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/07/24 22:33:02 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [shockwave Updater] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\scotttracey84@msn.co\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} http://login.hanbiton.com/cab/NLSnSSO.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180927264065 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/31 13:11:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 22:57:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\scotttracey84@msn.co\Recent

[2011/04/11 22:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Malwarebytes

[2011/04/11 22:09:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/04/11 22:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/11 22:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/04/11 22:09:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/04/11 22:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/04/11 21:56:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\OTL.exe

[2011/04/08 07:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Malwarebytes' Anti-Malware

[2011/04/08 07:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes

[2011/04/08 07:22:58 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\mbam-setup-1.50.1.1100.exe

[2011/03/26 21:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Anime-Ace-20-BB

[2011/03/24 17:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest

[2011/03/22 08:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\New Folder

[2011/03/14 13:00:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 23:52:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/11 22:09:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/11 21:53:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\OTL.exe

[2011/04/11 21:15:25 | 000,016,676 | -HS- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\0810l5u6odc6bt4h

[2011/04/11 21:15:25 | 000,016,676 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0810l5u6odc6bt4h

[2011/04/11 21:13:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/11 21:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/07 09:47:12 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\dds.scr

[2011/04/04 18:58:09 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\fix.reg

[2011/04/04 18:28:50 | 000,225,805 | -HS- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\paw.exe

[2011/04/04 17:45:12 | 074,235,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2011/04/04 17:37:21 | 000,493,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/04 17:37:21 | 000,083,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/04 17:36:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/04/04 07:09:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\prvlcl.dat

[2011/04/03 19:48:28 | 000,013,664 | -HS- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\bp75oi0oq4f3ts58v6af80w8

[2011/04/03 19:48:28 | 000,013,664 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bp75oi0oq4f3ts58v6af80w8

[2011/04/03 18:16:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\mbam-setup-1.50.1.1100.exe

[2011/04/01 16:37:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1078081533-682003330-1003Core.job

[2011/03/27 13:10:56 | 002,369,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/03/26 21:42:22 | 000,062,927 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Deka Wanko Episode 4.ass

[2011/03/26 21:38:06 | 000,116,015 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Anime-Ace-20-BB.zip

[2011/03/26 21:16:41 | 544,275,528 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Deka Wanko Episode 4.avi

[2011/03/26 15:23:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/03/20 20:20:26 | 000,237,707 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Sell1-Dmg2.jpg

[2011/03/20 19:58:58 | 000,099,214 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Sell1-Dmg.jpg

[2011/03/20 19:33:46 | 000,133,471 | ---- | M] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Sell1.jpg

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 22:09:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/07 16:10:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\dds.scr

[2011/04/04 18:58:09 | 000,000,321 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\fix.reg

[2011/04/04 18:29:08 | 000,016,676 | -HS- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\0810l5u6odc6bt4h

[2011/04/04 18:29:08 | 000,016,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0810l5u6odc6bt4h

[2011/04/04 18:28:50 | 000,225,805 | -HS- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\paw.exe

[2011/04/03 17:02:54 | 000,013,664 | -HS- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\bp75oi0oq4f3ts58v6af80w8

[2011/04/03 17:02:54 | 000,013,664 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bp75oi0oq4f3ts58v6af80w8

[2011/03/26 21:38:04 | 000,116,015 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Anime-Ace-20-BB.zip

[2011/03/26 21:14:42 | 544,275,528 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Deka Wanko Episode 4.avi

[2011/03/24 17:34:30 | 000,062,927 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Deka Wanko Episode 4.ass

[2011/03/20 20:20:23 | 000,237,707 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Sell1-Dmg2.jpg

[2011/03/20 19:58:51 | 000,099,214 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Sell1-Dmg.jpg

[2011/03/20 19:33:44 | 000,133,471 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Desktop\Sell1.jpg

[2010/09/15 21:24:54 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI

[2010/08/14 23:09:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE

[2010/06/10 20:57:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\prvlcl.dat

[2010/04/25 22:24:31 | 000,026,427 | ---- | C] () -- C:\WINDOWS\CSTBox.INI

[2010/03/18 22:49:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/11/30 23:28:42 | 000,063,152 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/25 20:40:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\option.ini

[2009/04/23 20:02:50 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll

[2009/03/17 17:17:34 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Poladroid prefs.plist

[2009/03/11 21:40:10 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B7147D0E4F.sys

[2009/03/11 21:40:09 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

[2008/12/17 19:09:41 | 000,309,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2008/10/28 20:23:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/09/20 15:18:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/09/08 21:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/09/05 18:02:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL

[2008/06/12 19:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CNeuroWizard.ini

[2008/06/01 14:33:55 | 000,270,336 | ---- | C] () -- C:\WINDOWS\UnInstall01.exe

[2008/05/17 00:19:48 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI

[2008/05/04 13:41:38 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/05/04 13:41:31 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2008/05/04 13:41:25 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2008/05/03 21:48:19 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat

[2008/05/02 22:55:39 | 000,000,115 | ---- | C] () -- C:\WINDOWS\BuddyBuddy.ini

[2008/01/23 15:26:06 | 000,341,552 | ---- | C] () -- C:\WINDOWS\System32\npesLauncher.exe

[2007/11/22 18:44:48 | 000,946,176 | ---- | C] () -- C:\WINDOWS\System32\npdownv.exe

[2007/08/07 00:31:38 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/07/28 17:02:09 | 000,000,048 | ---- | C] () -- C:\WINDOWS\data.ini

[2007/07/23 13:25:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007/06/24 17:14:30 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/06/04 20:44:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/06/04 17:12:45 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2007/06/03 16:53:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2007/06/03 16:51:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2007/05/31 14:03:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/05/31 14:02:34 | 002,369,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/05/31 13:14:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2007/05/31 13:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2007/04/16 17:48:52 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\nps_kor.ini

[2006/06/19 15:38:46 | 000,005,375 | ---- | C] () -- C:\WINDOWS\System32\nps_eng.ini

[2006/06/07 13:11:30 | 000,005,330 | ---- | C] () -- C:\WINDOWS\System32\nps_jpn.ini

[2005/10/09 22:33:54 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\secdel.dll

[2004/08/13 06:55:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/13 06:55:02 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/13 06:55:02 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/13 06:55:02 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/13 06:55:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/13 06:54:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/13 06:54:59 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/13 06:54:55 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/13 06:54:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/13 06:54:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/13 06:54:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/13 06:54:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2002/01/18 21:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll

[2001/01/22 03:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL

[1999/07/06 20:00:00 | 000,000,006 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D81EDBF9-D167-4011-B77D-211DF920EB80

[1999/07/06 20:00:00 | 000,000,006 | RHS- | C] () -- C:\WINDOWS\@@desktop.dat

========== LOP Check ==========

[2009/12/25 09:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14196

[2010/02/21 11:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/04/11 22:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2009/12/07 17:33:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/03/14 13:00:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/03/01 18:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2010/03/27 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2010/09/23 18:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2009/04/23 20:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/02/07 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5

[2009/01/25 00:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/03/08 20:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller

[2010/05/22 17:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/07/19 04:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/14 13:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/08/10 16:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/03/01 21:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\BitTorrent

[2010/04/25 22:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Canon

[2010/06/07 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\DemoCreator

[2009/06/16 11:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\DNA

[2010/12/11 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\DVDVideoSoftIEHelpers

[2010/04/22 23:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\FreeAudioPack

[2010/08/07 18:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\GetRightToGo

[2009/11/18 21:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\gtk-2.0

[2010/12/11 18:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\LG Electronics

[2009/04/23 20:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\NCH Swift Sound

[2010/01/26 12:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\NJStar

[2009/11/25 19:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\OpenOffice.org

[2007/08/26 17:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Opera

[2010/02/07 15:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\scar5

[2010/08/07 00:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\SecondLife

[2010/09/30 16:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\ShanghaiAlice

[2009/11/24 19:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\SmartDraw

[2010/09/03 12:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\SystemRequirementsLab

[2011/02/26 23:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\TeamViewer

[2010/03/05 14:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Vivox

[2010/09/30 22:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\WhiteSmokeSetup

[2008/11/30 14:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\Workrave

[2010/12/11 18:23:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\scotttracey84@msn.co\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}

[2011/04/11 21:13:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >

It did not give me the Extras file after scanning a second time (this was after running Malwarebytes), so if you would like me to post that still just let me know.

Link to post
Share on other sites

Oops, just noticed what you wrote about the Extras file after posting. Also wanted to mention that my Malwarebytes is 112 days outdated. It was unable to update. Is this due to my network cable being unplugged? Wasn't sure if I should risk plugging it back in at the moment to test it out. Anyway, here is the updated Extras file:

OTL Extras logfile created on: 4/12/2011 12:20:56 AM - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\scotttracey84@msn.co\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free

845.00 Mb Paging File | 474.00 Mb Available in Paging File | 56.00% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 10.82 Gb Free Space | 29.04% Space Free | Partition Type: NTFS

Computer Name: LOCALCOMPUTER | User Name: scotttracey84@msn.co | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

.js [@ = jsfile] -- Reg Error: Key error. File not found

.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)

hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- Reg Error: Key error.

jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe" = C:\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe:*:Enabled:SoF2MP

"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe

"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe

"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA

"C:\Program Files\BuddyBuddy\BuddyBuddy\BuddyBuddy.exe" = C:\Program Files\BuddyBuddy\BuddyBuddy\BuddyBuddy.exe:*:Enabled:BuddyBuddy Main

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\DazoinEng\TCrewOnline\TCrew_Client_R_P_Eng.exe" = C:\Program Files\DazoinEng\TCrewOnline\TCrew_Client_R_P_Eng.exe:*:Enabled:TCrew_Client

"C:\Program Files\MAIET\Gunz\GunzLauncher.exe" = C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher

"C:\ijji\ENGLISH\u_gbound.exe" = C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

"C:\Program Files\alaplaya\S4League\S4Client.exe" = C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\aMSN\bin\wish.exe" = C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)

"C:\Program Files\Graboid\GraboidVideo\1.4.0.0\DLManager\GraboidDLManager.exe" = C:\Program Files\Graboid\GraboidVideo\1.4.0.0\DLManager\GraboidDLManager.exe:*:Enabled:SABnzbd-0.2.5

"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird

"C:\Program Files\Graboid\GraboidVideo\1.4.0.0\GraboidClient.exe" = C:\Program Files\Graboid\GraboidVideo\1.4.0.0\GraboidClient.exe:*:Enabled:

"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify

"C:\Program Files\Gravity\RagnarokOnline\Valkyrie.exe" = C:\Program Files\Gravity\RagnarokOnline\Valkyrie.exe:*:Enabled:Valkyrie.exe

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java SE Development Kit 6 Update 20

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893

"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support

"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver

"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom NetXtreme Ethernet Controller

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4

"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers

"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter

"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup

"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III

"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype

Link to post
Share on other sites

Here are the results:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6365

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/14/2011 9:13:29 PM

mbam-log-2011-04-14 (21-13-29).txt

Scan type: Quick scan

Objects scanned: 168013

Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\wmw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\wmw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\scotttracey84@msn.co\Local Settings\Application Data\wmw.exe" -a "C:\Program Files\Intern) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\scotttracey84@msn.co\local settings\application data\paw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\ISSetup.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\scotttracey84@msn.co\application data\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Good job

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Link to post
Share on other sites

Good job

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Done! Thank you very much for your help. I'll keep these things in mind next time my computer is infected.

Link to post
Share on other sites

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*]Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.