Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV Secuirty Suite Infection


  • This topic is locked This topic is locked
13 replies to this topic

#1 mrichardson0220

mrichardson0220

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 29 August 2010 - 09:00 AM

I've been infected with AV Security Suite. I was unable to access the Internet, run Malwarebytes, AVG or HijackThis. I found a few websites to help with removal, but cannot seem to get rid of it completely. I'm able to run Malwarebytes, HijackThis and AVG, but I still cannot access the Internet. When I run Malwarebytes it comes back with no infections. When I run AVG free it comes back with 4 infections, 2 of which are unhealable/unremovable. I'm attaching a Malwarebytes, HijackThis, and AVG scan log. Thanks in advance for any assistance.

I did post this a couple of days ago, and I apologize, but I didn't attach the correct logs and I wasn't sure how to edit my original post.

I've been infected with AV Security Suite. Originally, I was unable to access the Internet, run Malwarebytes, AVG or HijackThis. I found a few websites to help with removal, but cannot seem to get rid of it completely. I'm able to run Malwarebytes, HijackThis and AVG now, but I still cannot access the Internet. When I run Malwarebytes it comes back with no infections. When I run AVG free it comes back with 4 infections, 2 of which are unhealable/unremovable. Thanks in advance for any assistance.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Melissa Richardson at 10:42:22.89 on Wed 09/01/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.110 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesApoint2KApoint.exe
C:WINDOWSAGRSMMSG.exe
svchost.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesHPQQuick Launch ButtonsEabServr.exe
C:PROGRA~1Yahoo!browserybrwicon.exe
C:Program FilesSBC Yahoo!Connection ManagerConnectionManager.exe
C:Program FilesJavajre6binjusched.exe
C:PROGRA~1Yahoo!browserycommon.exe
C:Program FilesLeapFrogLeapFrog ConnectMonitor.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:PROGRA~1AVGAVG9avgtray.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesWindows Media PlayerWMPNSCFG.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICAA.EXE
C:Program FilesBelkinNostromonost_LM.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkCalRem.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesJavajre6binjqs.exe
C:Program FilesLeapFrogLeapFrog ConnectCommandService.exe
C:Program FilesAVGAVG9avgnsx.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesiPodbiniPodService.exe
E:dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:program filesyahoo!commonyiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:program filesyahoo!commonYIeTagBm.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:program filesepsonepson web-to-pageEPSON Web-To-Page.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:program filesyahoo!browserYSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:program filesavgavg9toolbarIEToolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:program filesepsonepson web-to-pageEPSON Web-To-Page.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [updateMgr] "c:program filesadobeacrobat 7.0readerAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [EPSON Stylus CX4400 Series] c:windowssystem32spooldriversw32x863e_faticaa.exe /fu "c:windowstempE_S28.tmp" /EF "HKCU"
uRun: [XBV6RD5SZF] c:docume~1meliss~1locals~1tempGh0.exe
mRun: [Apoint] c:program filesapoint2kApoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Cpqset] c:program fileshpqdefault settingscpqset.exe
mRun: [UpdateManager] "c:program filescommon filessonicupdate managersgtray.exe" /r
mRun: [iTunesHelper] c:program filesitunesiTunesHelper.exe
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [eabconfg.cpl] c:program fileshpqquick launch buttonsEabServr.exe /Start
mRun: [YBrowser] c:progra~1yahoo!browserybrwicon.exe
mRun: [SBC Yahoo! Connection Manager] "c:program filessbc yahoo!connection managerConnectionManager.exe"
mRun: [IPInSightMonitor 01] "c:program filessbc yahoo!connection managerip insightIPMon32.exe"
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:program filescommon filesroxio shared9.0sharedcomRoxWatchTray9.exe"
mRun: [Monitor] "c:program filesleapfrogleapfrog connectMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:docume~1meliss~1startm~1programsstartuplimewi~1.lnk - c:program fileslimewireLimeWire.exe
StartupFolder: c:docume~1meliss~1startm~1programsstartupwkcalrem.lnk - c:program filescommon filesmicrosoft sharedworks sharedWkCalRem.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuploadou~1.lnk - c:program filesbelkinnostromonost_LM.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeoffice10OSA.EXE
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:progra~1micros~4office10EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:program filesyahoo!commonyiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office11REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
Trusted Zone: netflix.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:program filesscrabbleimagesstg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper20073151.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.21.01.0/iewwload.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:program filesscrabbleimagesarmhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F80B9305-A013-11D2-BD23-00A024978908} - file://d:vieweraccuradimage.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:program filesavgavg9toolbarIEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:program fileslogitechdesktop messenger8876480programGAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:docume~1meliss~1applic~1mozillafirefoxprofiles136zlmc5.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - prefs.js: network.proxy.type - 0
FF - component: c:program filesavgavg9firefoxcomponentsavgssff.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils2.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils3.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils35.dll
FF - component: c:program filesavgavg9toolbarfirefoxavg@igearedcomponentsxpavgtbapi.dll
FF - plugin: c:documents and settingsmelissa richardsonapplication datafacebooknpfbplugin_1_0_3.dll
FF - plugin: c:program filescommon filesmotivenpMotive.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpgcplug.dll
FF - plugin: c:program filesrealrealarcadepluginsmozillanpracplug.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - plugin: c:windowssystem32c2mpnpdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - user.js: search.clsid - {F88E2E33-DCE9-473B-88BC-819B19E3AD82}
FF - user.js: search.clsid - {F88E2E33-DCE9-473B-88BC-819B19E3AD82}
FF - user.js: search.sid - 15101055100
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - false
FF - user.js: extensions.newAddons - false
FF - user.js: search.clsid - {F88E2E33-DCE9-473B-88BC-819B19E3AD82}
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - falsec:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesmozilla firefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesmozilla firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-9-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2009-9-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:windowssystem32driversavgtdix.sys [2009-9-11 243024]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywareSASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2007-2-27 55024]
R2 avg9wd;AVG Free WatchDog;c:program filesavgavg9avgwdsvc.exe [2010-7-16 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:program filesavgavg9toolbarToolbarBroker.exe [2010-3-23 369920]
S3 bcgame;Nostromo HID Device Minidriver;c:windowssystem32driversbcgame.sys [2003-7-23 22821]
S3 FlyUsb;FLY Fusion;c:windowssystem32driversFlyUsb.sys [2008-12-26 18560]
S3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32driversmotccgp.sys [2009-3-21 18688]
S3 motccgpfl;MotCcgpFlService;c:windowssystem32driversmotccgpfl.sys [2009-3-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:windowssystem32driversmotodrv.sys [2009-3-21 42112]
S3 motport;Motorola USB Diagnostic Port;c:windowssystem32driversmotport.sys [2009-3-21 23680]
S3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================


==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:windowssystem32dllcacheshell32.dll
2010-07-16 13:05:52 243024 ----a-w- c:windowssystem32driversavgtdix.sys
2010-07-16 13:05:45 12536 ----a-w- c:windowssystem32avgrsstx.dll
2010-07-16 13:03:27 216400 ----a-w- c:windowssystem32driversavgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:windowssystem32schannel.dll
2010-06-30 12:31:35 149504 ------w- c:windowssystem32dllcacheschannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:windowssystem32ieencode.dll
2010-06-24 12:10:44 81920 ------w- c:windowssystem32dllcacheieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:windowssystem32wininet.dll
2010-06-24 12:10:44 667136 ------w- c:windowssystem32dllcachewininet.dll
2010-06-24 12:10:44 627712 ------w- c:windowssystem32dllcacheurlmon.dll
2010-06-24 12:10:44 3073024 ------w- c:windowssystem32dllcachemshtml.dll
2010-06-24 12:10:44 251904 ------w- c:windowssystem32dllcacheiepeers.dll
2010-06-24 12:10:44 1509888 ------w- c:windowssystem32dllcacheshdocvw.dll
2010-06-24 12:10:44 1025024 ------w- c:windowssystem32dllcachebrowseui.dll
2010-06-23 13:44:04 1851904 ----a-w- c:windowssystem32win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:windowssystem32dllcachewin32k.sys
2010-06-21 15:27:11 354304 ------w- c:windowssystem32dllcachesrv.sys
2010-06-18 13:36:12 3558912 ------w- c:windowssystem32dllcachemoviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:windowssystem32dllcachehelpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:windowssystem32msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:windowssystem32dllcachemsxml3.dll
2007-01-26 19:52:48 774144 ----a-w- c:program filesRngInterstitial.dll

============= FINISH: 10:44:16.32 ===============

Attached Files


Edited by Pandy, 01 September 2010 - 11:48 AM.
2 topics in Malware Removal Logs Forum merged ~Pandy


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 04 September 2010 - 06:19 AM

Hello mrichardson0220, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If any suspicious items are found, let it skip them for now
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • TDSSKilller log
  • OTL.txt
  • Extra.txt

Thanks



unite.jpg


#3 mrichardson0220

mrichardson0220
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 08 September 2010 - 09:00 AM

TDSSKiller Log
2010/09/08 09:22:05.0328 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/08 09:22:05.0328 ================================================================================
2010/09/08 09:22:05.0328 SystemInfo:
2010/09/08 09:22:05.0328
2010/09/08 09:22:05.0328 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/08 09:22:05.0328 Product type: Workstation
2010/09/08 09:22:05.0328 ComputerName: MELISSA
2010/09/08 09:22:05.0328 UserName: Melissa Richardson
2010/09/08 09:22:05.0328 Windows directory: C:\WINDOWS
2010/09/08 09:22:05.0328 System windows directory: C:\WINDOWS
2010/09/08 09:22:05.0328 Processor architecture: Intel x86
2010/09/08 09:22:05.0328 Number of processors: 1
2010/09/08 09:22:05.0328 Page size: 0x1000
2010/09/08 09:22:05.0328 Boot type: Normal boot
2010/09/08 09:22:05.0328 ================================================================================
2010/09/08 09:22:07.0796 Initialize success
2010/09/08 09:22:11.0734 ================================================================================
2010/09/08 09:22:11.0734 Scan started
2010/09/08 09:22:11.0734 Mode: Manual;
2010/09/08 09:22:11.0734 ================================================================================
2010/09/08 09:22:19.0171 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/08 09:22:19.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/08 09:22:19.0546 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/09/08 09:22:19.0765 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/08 09:22:19.0890 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/08 09:22:20.0109 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/09/08 09:22:20.0609 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/08 09:22:20.0781 AmdK8 (e6a2299284013ec4de3419481a62069f) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/09/08 09:22:21.0015 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/09/08 09:22:21.0218 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/08 09:22:21.0687 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/08 09:22:21.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/08 09:22:22.0125 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/08 09:22:22.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/08 09:22:22.0515 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/08 09:22:22.0656 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/08 09:22:22.0843 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/08 09:22:23.0078 bcgame (694a022f3ca43ba0a75ab85a7223cf6c) C:\WINDOWS\system32\drivers\bcgame.sys
2010/09/08 09:22:23.0281 BCM43XX (d87b4e14e890091d8e64fb5c570cf192) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/09/08 09:22:23.0468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/08 09:22:23.0625 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/08 09:22:23.0765 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/08 09:22:24.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/08 09:22:24.0187 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/08 09:22:24.0359 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010/09/08 09:22:24.0468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/08 09:22:24.0781 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/08 09:22:24.0984 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/08 09:22:25.0515 DevUpper (5dc28c3458fcc7258edd9f817bad8cc7) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
2010/09/08 09:22:25.0750 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/08 09:22:25.0953 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/08 09:22:26.0218 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/08 09:22:26.0359 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/08 09:22:26.0468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/08 09:22:26.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/08 09:22:26.0921 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
2010/09/08 09:22:27.0093 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
2010/09/08 09:22:27.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/08 09:22:27.0390 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/08 09:22:27.0703 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/08 09:22:27.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/08 09:22:27.0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/08 09:22:28.0125 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2010/09/08 09:22:28.0343 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/08 09:22:28.0531 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/08 09:22:28.0687 GEARAspiWDM (8210b0b16e674586d331e804f81635bd) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/08 09:22:28.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/08 09:22:29.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/08 09:22:29.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/08 09:22:29.0765 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/08 09:22:32.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/08 09:22:33.0875 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/08 09:22:34.0250 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/08 09:22:34.0375 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/08 09:22:34.0781 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/08 09:22:35.0515 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/08 09:22:36.0203 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/08 09:22:36.0937 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/08 09:22:37.0968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/08 09:22:40.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/08 09:22:41.0859 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/08 09:22:42.0546 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/08 09:22:42.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/08 09:22:43.0640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/08 09:22:44.0093 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/08 09:22:44.0468 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2010/09/08 09:22:45.0281 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2010/09/08 09:22:46.0468 MotDev (80bda4ac4b2834ca522b7386fc1f6a20) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2010/09/08 09:22:46.0937 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/09/08 09:22:47.0421 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
2010/09/08 09:22:47.0562 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/08 09:22:47.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/08 09:22:47.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/08 09:22:48.0015 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/09/08 09:22:48.0109 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/09/08 09:22:48.0265 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/08 09:22:48.0421 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/08 09:22:48.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/08 09:22:48.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/08 09:22:48.0937 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/08 09:22:49.0156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/08 09:22:49.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/08 09:22:49.0421 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/08 09:22:49.0609 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/08 09:22:49.0828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/08 09:22:50.0218 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/08 09:22:50.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/08 09:22:50.0468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/08 09:22:50.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/08 09:22:50.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/08 09:22:50.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/08 09:22:51.0109 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/08 09:22:51.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/08 09:22:51.0421 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/08 09:22:51.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/08 09:22:51.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/08 09:22:51.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/08 09:22:52.0703 nv (0aea8f9dbe202fcfeffb181e1c5cf6d2) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/08 09:22:54.0125 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2010/09/08 09:22:54.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/08 09:22:55.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/08 09:22:56.0531 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/08 09:22:57.0062 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/08 09:22:57.0890 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/08 09:22:58.0421 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/08 09:22:58.0703 PCI (349b8ec80c7fe0b8d735079dc34e4c27) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/08 09:22:58.0703 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 349b8ec80c7fe0b8d735079dc34e4c27, Fake md5: a219903ccf74233761d92bef471a07b1
2010/09/08 09:22:58.0718 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/08 09:22:58.0875 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/08 09:22:59.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/08 09:22:59.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/08 09:23:00.0171 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/08 09:23:00.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/08 09:23:00.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/08 09:23:00.0640 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/08 09:23:01.0765 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/08 09:23:01.0875 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/09/08 09:23:02.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/08 09:23:02.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/08 09:23:02.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/08 09:23:02.0515 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/08 09:23:02.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/08 09:23:02.0750 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/08 09:23:02.0937 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/08 09:23:03.0062 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/08 09:23:03.0234 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/08 09:23:03.0421 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/08 09:23:03.0625 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/09/08 09:23:03.0750 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/08 09:23:03.0921 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/09/08 09:23:04.0062 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/09/08 09:23:04.0421 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/08 09:23:04.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/08 09:23:04.0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/08 09:23:04.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/08 09:23:05.0046 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/08 09:23:05.0281 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/09/08 09:23:05.0984 smwdm (f41896d591106713649b7eba668324e6) C:\WINDOWS\system32\drivers\smwdm.sys
2010/09/08 09:23:06.0484 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2010/09/08 09:23:06.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/08 09:23:06.0890 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/08 09:23:07.0140 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/08 09:23:07.0406 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/08 09:23:07.0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/08 09:23:07.0609 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/08 09:23:08.0375 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/08 09:23:08.0546 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/08 09:23:08.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/08 09:23:08.0890 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/08 09:23:09.0078 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/08 09:23:09.0296 tiumfwl (65e8e81c2f40abce9db98fd232f86bf8) C:\WINDOWS\system32\drivers\tiumfwl.sys
2010/09/08 09:23:09.0546 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/08 09:23:09.0890 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/08 09:23:10.0046 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/08 09:23:10.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/08 09:23:10.0375 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/08 09:23:10.0500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/08 09:23:10.0687 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/08 09:23:10.0812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/08 09:23:10.0921 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/08 09:23:11.0187 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/08 09:23:11.0296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/08 09:23:11.0453 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/08 09:23:11.0640 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/08 09:23:11.0765 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/08 09:23:11.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/08 09:23:12.0312 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/08 09:23:12.0687 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/08 09:23:13.0031 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/08 09:23:13.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/08 09:23:13.0375 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/08 09:23:13.0531 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/08 09:23:13.0640 ================================================================================
2010/09/08 09:23:13.0640 Scan finished
2010/09/08 09:23:13.0640 ================================================================================
2010/09/08 09:23:13.0671 Detected object count: 1
2010/09/08 09:24:24.0625 PCI (349b8ec80c7fe0b8d735079dc34e4c27) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/08 09:24:24.0625 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 349b8ec80c7fe0b8d735079dc34e4c27, Fake md5: a219903ccf74233761d92bef471a07b1
2010/09/08 09:24:26.0437 Backup copy found, using it..
2010/09/08 09:24:26.0468 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
2010/09/08 09:24:26.0468 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
2010/09/08 09:24:36.0015 Deinitialize success


OTL.txt
OTL logfile created on: 9/8/2010 9:31:03 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 134.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 800 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.37 Gb Free Space | 4.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 120.97 Mb Total Space | 111.28 Mb Free Space | 91.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELISSA
Current User Name: Melissa Richardson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/08 09:20:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/07/16 09:06:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 09:05:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 09:05:45 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 09:05:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 09:03:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 09:03:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/10 11:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/01 06:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAA.EXE
PRC - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/03/31 11:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2004/08/19 15:50:18 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/06/23 15:23:00 | 000,015,360 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2003/12/09 15:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/08/19 05:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/07/14 15:55:01 | 001,028,096 | ---- | M] (SBC Yahoo!) -- C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
PRC - [2003/06/24 02:31:35 | 000,442,368 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 09:20:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/05/16 02:01:51 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/16 09:05:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Lvckap.sys -- (Lvckap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTAL~E\Core\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/07/16 09:05:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 09:03:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 10:00:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/20 21:33:21 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/11/25 13:39:04 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/08/21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/07 09:53:59 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2004/09/03 08:52:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 14:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/08 14:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 12:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 15:22:00 | 001,382,634 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/02 10:27:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/10/07 23:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 20:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/07/23 15:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2003/06/06 16:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 20:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101055100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101055100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 12:36:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/22 09:01:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 21:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 07:26:53 | 000,000,000 | ---D | M]

[2010/01/15 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions
[2009/11/27 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/07/13 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/09/01 12:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Firefox\Profiles\136zlmc5.default\extensions
[2010/08/27 08:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Firefox\Profiles\136zlmc5.default\extensions\tab@search.com
[2010/09/01 12:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/26 15:52:52 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/08/22 08:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/09/09 20:04:03 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (SBC Yahoo!)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006..\Run: [XBV6RD5SZF] C:\Documents and Settings\Melissa Richardson\Local Settings\temp\Gh0.exe (ApexDC++ Development Team)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Melissa Richardson\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Melissa Richardson\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O15 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..Trusted Domains: netflix.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\SCRABBLE\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} file://D:\viewer\accuradimage.cab (Accurad Image Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell - "" = AutoRun
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4734c4d0-1f5a-11df-a83f-000fb04bb79c}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^Melissa Richardson^Start Menu^Programs^Startup^Multiply AutoUploader.lnk - C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe - File not found
MsConfig - StartUpReg: LDM - hkey= - key= - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechCameraAssistant - hkey= - key= - C:\Program Files\Logitech\Video\CameraAssistant.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/27 08:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/27 08:17:36 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gziloa.exe
[2010/08/27 08:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\xrpwmpacr
[2010/08/27 08:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Application Data\4DE23932D8544C6B3C95288C6A681F8C
[2010/08/27 08:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/27 08:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\rpiylcwod
[2010/08/27 08:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\rckalqidh
[2007/01/26 15:53:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/08 09:30:50 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\ntuser.dat
[2010/09/08 09:25:57 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/08 09:25:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 09:25:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 09:25:46 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 09:24:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Melissa Richardson\ntuser.ini
[2010/09/06 20:38:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 15:46:21 | 000,990,720 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Saved Setting.doc
[2010/08/27 08:51:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 08:16:37 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gziloa.exe
[2010/08/27 08:12:09 | 064,013,829 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/27 07:48:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\prvlcl.dat
[2010/08/25 12:23:42 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 10:40:49 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Microsoft Excel.lnk
[2010/08/20 10:19:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Microsoft Word.lnk
[2010/08/12 03:43:03 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:18:30 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:18:30 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:18:30 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/30 15:46:20 | 000,990,720 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Saved Setting.doc
[2010/08/27 08:30:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 08:17:35 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/03 12:11:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/17 18:46:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\prvlcl.dat
[2010/04/20 13:02:58 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/11 14:28:10 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/12/07 22:41:06 | 000,004,932 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2009/12/07 21:49:25 | 002,433,024 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/21 10:51:58 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 19:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 19:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 19:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 19:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 18:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 19:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 19:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 19:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 19:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 19:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 19:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 19:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 16:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 16:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 15:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 15:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/11 18:10:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\PUTTY.RND
[2009/02/23 20:46:48 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/04 17:25:58 | 000,004,361 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\Microsoft Excel.NOT
[2008/08/04 17:16:29 | 000,035,995 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\Comma Separated Values (DOS).ADR
[2008/07/19 09:41:21 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/08 10:06:46 | 000,000,208 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/02/14 20:54:57 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\ViewerApp.dat
[2006/01/27 19:45:57 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/24 20:06:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2006/01/10 18:55:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/10 18:53:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/07 20:53:53 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\sdi.db
[2005/12/07 09:07:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nsprof.dll
[2005/08/18 18:33:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/10 16:50:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/31 20:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/03/31 20:53:48 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/26 21:33:59 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\wklnhst.dat
[2004/11/18 22:09:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 21:59:11 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/18 21:48:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 08:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/14 15:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/02/19 20:00:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/07 01:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 01:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 01:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Wirelss Settings.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\WIC_FoodCard_FINAL-2-English_287322_7.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Reading.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Order 3.14.09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\McAfee Serial Number.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Linksys Configuration.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Internet Usernames and Passwords.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Delta Sky Miles #.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Birthdays.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Activation Code 2.7.09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\2009-01-24_223837_converter_impalas.pdf:Roxio EMC Stream
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41BB3EDE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
< End of report >



Extras.txt
OTL Extras logfile created on: 9/8/2010 9:31:03 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 134.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 800 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.37 Gb Free Space | 4.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 120.97 Mb Total Space | 111.28 Mb Free Space | 91.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELISSA
Current User Name: Melissa Richardson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3724:TCP" = 3724:TCP:*:Disabled:blizzard downloader
"6112:TCP" = 6112:TCP:*:Disabled:blizzard downloader
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10305:TCP" = 10305:TCP:*:Enabled:Gnutella
"10305:UDP" = 10305:UDP:*:Enabled:gnut
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Logitech\VideoCall\VideoCall.exe" = C:\Program Files\Logitech\VideoCall\VideoCall.exe:*:Disabled:videocall.exe -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}" = First Step Guide
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7228CB73-80E9-48D3-A7FD-C2A242686AB3}" = Microsoft Office Live Meeting 2005
"{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111409220}" = Scrabble Rack Attack Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111433970}" = Scrabble Deluxe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC33E708-A795-4AB3-908A-8F45919BC097}" = LeapFrog My Pals Plugin
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EA0D3499-6F86-4086-AA98-8C8749C25145}" = Hash Video Converter
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FDE97748-2050-47B1-9BDD-E049626FDE63}" = Smartparts Desktop
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"3DGroove" = 3D Groove Playback Engine
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATT-HSI" = ATT-HSI
"Aura Video Converter_is1" = Aura Video Converter 1.2.3
"Aura4You Software Manager_is1" = Aura4You Software Manager 1.0.1
"AVG9Uninstall" = AVG Free 9.0
"BitZipper_is1" = BitZipper 2009
"BlackBerry_{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.3.6
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA GART Driver" = NVIDIA GART Driver
"PhotoParade.exe" = PhotoParade Player
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Switch" = Switch Sound File Converter
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebIQ" = WebIQ Client Software
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2010 9:30:57 AM | Computer Name = MELISSA | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 9/8/2010 9:35:58 AM | Computer Name = MELISSA | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

[ System Events ]
Error - 9/7/2010 1:58:58 PM | Computer Name = MELISSA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 240 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/7/2010 1:58:58 PM | Computer Name = MELISSA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 240 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 5:58:59 PM | Computer Name = MELISSA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 480 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/7/2010 5:58:59 PM | Computer Name = MELISSA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 9/8/2010 9:19:59 AM | Computer Name = MELISSA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 9/8/2010 9:19:59 AM | Computer Name = MELISSA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 9/8/2010 9:21:10 AM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 9/8/2010 9:26:14 AM | Computer Name = MELISSA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 9/8/2010 9:27:10 AM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 9/8/2010 9:28:32 AM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde ViaIde


< End of report >



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 08 September 2010 - 03:15 PM

Hi,

Can you tell me how the computer is running now and if you are having any more problems?

Peer-to-Peer Programs
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case Limewire). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Lvckap.sys -- (Lvckap)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTAL~E\Core\BVRPMPR5.SYS -- (BVRPMPR5)
    O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O4 - HKU\S-1-5-21-1315094685-563806103-3784227781-1006..\Run: [XBV6RD5SZF] C:\Documents and Settings\Melissa Richardson\Local Settings\temp\Gh0.exe (ApexDC++ Development Team)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    MsConfig - StartUpFolder: C:^Documents and Settings^Melissa Richardson^Start Menu^Programs^Startup^Multiply AutoUploader.lnk - C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe - File not found
    MsConfig - StartUpReg: LogitechCameraAssistant - hkey= - key= - C:\Program Files\Logitech\Video\CameraAssistant.exe File not found
    Drivers32: VIDC.I420 - lvcodec2.dll File not found
    [2010/08/27 08:17:36 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gziloa.exe
    [2010/08/27 08:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\xrpwmpacr
    [2010/08/27 08:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Application Data\4DE23932D8544C6B3C95288C6A681F8C
    [2010/08/27 08:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
    [2010/08/27 08:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\rpiylcwod
    [2010/08/27 08:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\rckalqidh
    [22 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [2010/09/08 09:25:57 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2009/12/07 22:41:06 | 000,004,932 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.

unite.jpg


#5 mrichardson0220

mrichardson0220
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 08 September 2010 - 06:19 PM

I still cannot access the internet from the infected computer. When I try opening any website (i.e., msn.com, yahoo.com, att.net, etc) I get the following message every time:

Server not found
Firefox can't find the server at search.avg.com

Here are my logs.


All processes killed
========== OTL ==========
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File C:\WINDOWS\System32\DRIVERS\wanatw4.sys not found.
Service SymEvent stopped successfully!
Service SymEvent deleted successfully!
File C:\Program Files\Symantec\SYMEVENT.SYS not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Service Lvckap stopped successfully!
Service Lvckap deleted successfully!
File C:\WINDOWS\System32\drivers\Lvckap.sys not found.
Service FilterService stopped successfully!
Service FilterService deleted successfully!
File C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys not found.
Service BVRPMPR5 stopped successfully!
Service BVRPMPR5 deleted successfully!
File D:\INSTAL~E\Core\BVRPMPR5.SYS not found.
Registry value HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8B79EE88-E62D-4AA8-B530-CC357BA112B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B79EE88-E62D-4AA8-B530-CC357BA112B7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1315094685-563806103-3784227781-1006\Software\Microsoft\Windows\CurrentVersion\Run\\XBV6RD5SZF deleted successfully.
C:\Documents and Settings\Melissa Richardson\Local Settings\temp\Gh0.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^Melissa Richardson^Start Menu^Programs^Startup^Multiply AutoUploader.lnk\ deleted successfully.
C:\WINDOWS\pss\Multiply AutoUploader.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LogitechCameraAssistant\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.I420 deleted successfully.
C:\WINDOWS\Gziloa.exe moved successfully.
C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\xrpwmpacr folder moved successfully.
C:\Documents and Settings\Melissa Richardson\Application Data\4DE23932D8544C6B3C95288C6A681F8C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Update folder moved successfully.
C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\rpiylcwod folder moved successfully.
C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\rckalqidh folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ISx33.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx34.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx37.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx3F.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx40.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx41.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx42.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx43.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx4D.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx4E.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx51.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx5D.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx61.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx62.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx63.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx64.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx8A.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISx8B.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISxA0.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISxA1.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISxB5.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\ISxB6.tmp deleted successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melissa Richardson
->Temp folder emptied: 563509851 bytes
->Temporary Internet Files folder emptied: 120270262 bytes
->Java cache emptied: 99702493 bytes
->FireFox cache emptied: 37178151 bytes
->Flash cache emptied: 1794612 bytes

User: NetworkService
->Temp folder emptied: 66268 bytes
->Temporary Internet Files folder emptied: 1961657 bytes
->Flash cache emptied: 1200 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 313566 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8137332 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63969114 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4214404349 bytes

Total Files Cleaned = 4,875.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Melissa Richardson
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09082010_183828

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\YVSV47MB\main_2;sz=480x70;mpvid=AAR6n24AJ3jTg2L_;!c=2;k2=590;k3=590;klg=en;kvid=hMnk7lh9M3o;ctb=1;kr=F;kt=K;ko=c;kpid=2;kga=-1;shortform=1;u=hMnk7lh9M3o_2;kgg=-1;kcr=us;afv=1;khd[1].asx not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\YVSV47MB\publicsafety_crimejustice;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=inmates+dancing;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=4485247675018191[2] not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\WF8R43KH\main_2;sz=300x250;mpvid=AAR6n24AJ3jTg2L_;!c=2;k2=590;k3=590;klg=en;kvid=hMnk7lh9M3o;ctb=1;kr=F;kt=K;ko=c;kpid=2;kga=-1;shortform=1;u=hMnk7lh9M3o_2;kgg=-1;kcr=us;afv=1;kh[1].htm not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\WBIHM327\main_2;sz=450x60;mpvid=AAR6n24AJ3jTg2L_;!c=2;k2=590;k3=590;klg=en;kvid=hMnk7lh9M3o;ctb=1;kr=F;kt=K;ko=c;kpid=2;kga=-1;shortform=1;u=hMnk7lh9M3o_2;kgg=-1;kcr=us;afv=1;khd[1].asx not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\1260661101&ga_hid=32813645&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1024&u_w=1280&u_ah=986&u_aw=1280&u_cd=32&u_nplug=0&u_nmime=0&biw=1047&bih=695&ifk=2720262309&fu=0&ifi=1&dtd=484 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\CAWDPDL6.jsp&id=9461242261&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\flowersgiftsgreetings_partiesoccasions;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=party+in+the+usa;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=4879165294[1] not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\my_heads;sec0=my_account;sec1=my_heads;pos=atf;tag=adj;mtype=standard;tile=3;sz=160x600;u=_sec0-my_account_sec1-my_heads_pos-atf_tag-adj_mtype-standard_sz-160x600_tile-3[2] not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\uestid%3D702865&id=2105005472&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\uestid%3D702919&id=1991291515&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\uestid%3D702984&id=9447391214&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E5OBKB4F\uestid%3D703039&id=7611693204&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E16VSZQR\CAM827QH.jsp&id=2323397219&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E16VSZQR\everyday_fun;sec0=everyday_fun;sec1=everyday_fun;pos=atf;tag=adj;mtype=standard;tile=2;sz=88x31;u=_sec0-everyday_fun_sec1-everyday_fun_pos-atf_tag-adj_mtype-standard_sz-[2] not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E16VSZQR\uestid%3D702865&id=2105005472&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E16VSZQR\uestid%3D702919&id=1991291515&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\E16VSZQR\uestid%3D703039&id=7611693204&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBW5A9OJ\CAGVO3QZ.jsp&id=2323397219&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBW5A9OJ\CAZD99CT.jsp&id=9461242261&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBW5A9OJ\my_ecards;sec0=my_account;sec1=my_ecards;pos=atf;tag=adj;mtype=standard;tile=3;sz=160x600;u=_sec0-my_account_sec1-my_ecards_pos-atf_tag-adj_mtype-standard_sz-160x600_til[1] not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBW5A9OJ\my_heads;sec0=my_account;sec1=my_heads;pos=atf;tag=adj;mtype=standard;tile=3;sz=160x600;u=_sec0-my_account_sec1-my_heads_pos-atf_tag-adj_mtype-standard_sz-160x600_tile-3[1] not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBW5A9OJ\uestid%3D702865&id=2105005472&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBW5A9OJ\uestid%3D703039&id=7611693204&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\2VEPQ5AH\uestid%3D702919&id=1991291515&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\2VEPQ5AH\uestid%3D703032&id=7128875833&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!
File\Folder C:\Documents and Settings\Melissa Richardson\Local Settings\Temp\Temporary Internet Files\Content.IE5\2VEPQ5AH\uestid%3D703039&id=7611693204&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-uverse-residential-english&activePlugin=none&cobrowse=true&pageWindowName=1260672112078 not found!

Registry entries deleted on Reboot...


OTL Log
OTL logfile created on: 9/8/2010 6:58:44 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 800 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.11 Gb Free Space | 10.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 120.97 Mb Total Space | 109.38 Mb Free Space | 90.42% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELISSA
Current User Name: Melissa Richardson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/08 09:20:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/07/16 09:06:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 09:05:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 09:05:45 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 09:05:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 09:03:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 09:03:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/10 11:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/03/31 11:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2004/08/19 15:50:18 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/06/23 15:23:00 | 000,015,360 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2003/12/09 15:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/07/14 15:55:01 | 001,028,096 | ---- | M] (SBC Yahoo!) -- C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
PRC - [2003/06/24 02:31:35 | 000,442,368 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 09:20:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/05/16 02:01:51 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/16 09:05:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/07/16 09:05:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 09:03:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 10:00:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/20 21:33:21 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/11/25 13:39:04 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/08/21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/07 09:53:59 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2004/09/03 08:52:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 14:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/08 14:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 12:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 15:22:00 | 001,382,634 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/02 10:27:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/10/07 23:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 20:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/07/23 15:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2003/06/06 16:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 20:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101055100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101055100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 12:36:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/22 09:01:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 21:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 07:26:53 | 000,000,000 | ---D | M]

[2010/01/15 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions
[2009/11/27 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/07/13 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/09/08 10:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Firefox\Profiles\136zlmc5.default\extensions
[2010/08/27 08:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Firefox\Profiles\136zlmc5.default\extensions\tab@search.com
[2010/09/08 10:16:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/26 15:52:52 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/08/22 08:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/09/09 20:04:03 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (SBC Yahoo!)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Melissa Richardson\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Melissa Richardson\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: netflix.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\SCRABBLE\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} file://D:\viewer\accuradimage.cab (Accurad Image Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell - "" = AutoRun
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4734c4d0-1f5a-11df-a83f-000fb04bb79c}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/27 08:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/01/26 15:53:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2010/09/08 18:51:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 18:51:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 18:51:04 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 18:49:51 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\ntuser.dat
[2010/09/08 18:49:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Melissa Richardson\ntuser.ini
[2010/09/06 20:38:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 15:46:21 | 000,990,720 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Saved Setting.doc
[2010/08/27 08:51:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 08:12:09 | 064,013,829 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/27 07:48:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\prvlcl.dat
[2010/08/25 12:23:42 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 10:40:49 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Microsoft Excel.lnk
[2010/08/20 10:19:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Microsoft Word.lnk
[2010/08/12 03:43:03 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:18:30 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:18:30 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:18:30 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/08/30 15:46:20 | 000,990,720 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Saved Setting.doc
[2010/08/27 08:30:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 12:11:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/17 18:46:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\prvlcl.dat
[2010/04/20 13:02:58 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/11 14:28:10 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/12/07 21:49:25 | 002,433,024 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/21 10:51:58 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 19:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 19:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 19:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 19:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 18:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 19:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 19:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 19:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 19:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 19:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 19:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 19:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 16:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 16:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 15:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 15:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/11 18:10:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\PUTTY.RND
[2009/02/23 20:46:48 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/04 17:25:58 | 000,004,361 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\Microsoft Excel.NOT
[2008/08/04 17:16:29 | 000,035,995 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\Comma Separated Values (DOS).ADR
[2008/07/19 09:41:21 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/08 10:06:46 | 000,000,208 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/02/14 20:54:57 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\ViewerApp.dat
[2006/01/27 19:45:57 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/24 20:06:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2006/01/10 18:55:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/10 18:53:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/07 20:53:53 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\sdi.db
[2005/12/07 09:07:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nsprof.dll
[2005/08/18 18:33:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/10 16:50:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/31 20:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/03/31 20:53:48 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/26 21:33:59 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\wklnhst.dat
[2004/11/18 22:09:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 21:59:11 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/18 21:48:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 08:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/14 15:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/02/19 20:00:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Wirelss Settings.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\WIC_FoodCard_FINAL-2-English_287322_7.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Reading.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Order 3.14.09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\McAfee Serial Number.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Linksys Configuration.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Internet Usernames and Passwords.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Delta Sky Miles #.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Birthdays.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Activation Code 2.7.09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\2009-01-24_223837_converter_impalas.pdf:Roxio EMC Stream
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41BB3EDE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
< End of report >



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 09 September 2010 - 06:00 AM

Go to Start>>Run and type cmd into the run box.
When the command prompt opens, type the following then press enter after each one.

ipconfig /release

ipconfig /flushdns

ipconfig /renew

Let me know if you can now connect to the internet.


unite.jpg


#7 mrichardson0220

mrichardson0220
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 09 September 2010 - 08:14 AM

When I tried all three of them it gave me the error that the operation failed. I opened up my network connections and looked at the TCP/IP properties. There was an IP Address(192.168.1.111), Subnet Mask(255.255.255.0) and Default Gateway(192.168.1.1) entered in instead it obtaining the addresses automatically (I thought I had it set to automatically, but cannot be 100% sure). Could the virus have changed this? I changed it to obtain the IP Address automatically and now I can connect to the internet. Thank you so much for your help. Do you think I should update/run my AVG Free software and/or can you suggest another free anti-virus software until I can purchase something? What do you suggest for purchasing? Do you think my system is clean of the infection?

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 09 September 2010 - 08:39 AM

I personally am not a fan of AVG, it seems a bit bloated to me. I currently use Comodo for my AntiVirus and Firewall and
would recommend it. I don't think it is really necessary to purchase an AV, but if I did it would be Kaspersky, but these
are just my personal preferences.

I would like to do one more check to make sure you are clean, so please update and run a full scan with your AV, then
post back with the results, if it finds anything and a new DDS log.

unite.jpg


#9 mrichardson0220

mrichardson0220
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 09 September 2010 - 05:50 PM

I updated and ran AVG. The first scan came back with 5 infections, 3 spyware and 1 information which I chose to remove.

Infection
C:\WINDOWS\system32\spool\prtprocs\w32x86\s3eIQ3179.dll Trojan horse Agent2.BHLX
C:\WINDOWS\system32\spool\prtprocs\w32x86\qG1iQGMY9.dll Trojan horse Agent2.BHLX
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1094\A0174221.exe Trojan horse Generic19.ACY
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1094\A0174220.exe Trojan horse Generic19.GB
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1087\A0172885.dll Trojan horse Agent2.BHLX

Spyware
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1088\A0173987.exe Adware Generic4.AMOH
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1088\A0173986.exe Adware Generic4.AMOH
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1088\A0173985.exe Adware Generic4.AMOH

Information
C:\SWSETUP\Audio\269601USA8.EXE The file is signed with a broken digital signature, issued by: Microsoft Corporation


I ran the scan again and I had 2 infections and 1 information item.

Infection
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1095\A0174337.dll Trojan horse Agent2.BHLX
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1095\A0174336.dll Trojan horse Agent2.BHLX

Information
C:\SWSETUP\Audio\269601USA8.EXE The file is signed with a broken digital signature, issued by: Microsoft Corporation


I ran the scan a two more times and both times had the same information item.

Information
C:\SWSETUP\Audio\269601USA8.EXE The file is signed with a broken digital signature, issued by: Microsoft Corporation




DDS (Ver_10-03-17.01) - NTFSx86
Run by Melissa Richardson at 18:46:33.37 on Thu 09/09/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.121 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPSON Stylus CX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticaa.exe /fu "c:\windows\temp\E_S28.tmp" /EF "HKCU"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [SBC Yahoo! Connection Manager] "c:\program files\sbc yahoo!\connection manager\ConnectionManager.exe"
mRun: [IPInSightMonitor 01] "c:\program files\sbc yahoo!\connection manager\ip insight\IPMon32.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\meliss~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\meliss~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\loadou~1.lnk - c:\program files\belkin\nostromo\nost_LM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: netflix.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\scrabble\images\stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.21.01.0/iewwload.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\scrabble\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F80B9305-A013-11D2-BD23-00A024978908} - file://d:\viewer\accuradimage.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\meliss~1\applic~1\mozilla\firefox\profiles\136zlmc5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\melissa richardson\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - user.js: search.clsid - {F88E2E33-DCE9-473B-88BC-819B19E3AD82}
FF - user.js: search.clsid - {F88E2E33-DCE9-473B-88BC-819B19E3AD82}
FF - user.js: search.sid - 15101055100
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - false
FF - user.js: extensions.newAddons - false
FF - user.js: search.clsid - {F88E2E33-DCE9-473B-88BC-819B19E3AD82}
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-11 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-23 369920]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-26 18560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-3-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-3-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-3-21 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-3-21 23680]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-08 13:25:13 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-16 13:05:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:05:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:03:27 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10:44 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:10:44 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:10:44 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:10:44 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:10:44 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-06-24 12:10:44 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2007-01-26 19:52:48 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 18:48:06.34 ===============


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 10 September 2010 - 12:22 PM

Just a couple more bits there to clean up.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101055100&s="
    FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101055100&s="
    O33 - MountPoints2\{4734c4d0-1f5a-11df-a83f-000fb04bb79c}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
    [2010/04/20 13:02:58 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2009/12/11 14:28:10 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.

Edited by syler, 10 September 2010 - 12:24 PM.

unite.jpg


#11 mrichardson0220

mrichardson0220
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 10 September 2010 - 03:54 PM

Everything seems to be running fine. I'm still very paranoid that someone is "watching" me. I know you said before there was no 100% guarantee that my computer would be clean/secure. If I decided to reformat the computer, would it then be 100% secure?

All processes killed
========== OTL ==========
Prefs.js: "http://search.search-go.net/?sid=10101055100&s=" removed from keyword.URL
C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\FireFox\Profiles\136zlmc5.default\user.js moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4734c4d0-1f5a-11df-a83f-000fb04bb79c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4734c4d0-1f5a-11df-a83f-000fb04bb79c}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File F:\Setup.exe not found.
C:\WINDOWS\jestertb.dll moved successfully.
C:\WINDOWS\_delis32.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melissa Richardson
->Temp folder emptied: 413846 bytes
->Temporary Internet Files folder emptied: 33218 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95165215 bytes
->Flash cache emptied: 3302 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09102010_153116

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 9/10/2010 3:39:15 PM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 22.00 Mb Available Physical Memory | 4.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 800 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 7.93 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 120.97 Mb Total Space | 94.03 Mb Free Space | 77.73% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELISSA
Current User Name: Melissa Richardson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 07:54:23 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/10 07:54:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/08 09:20:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/07/16 09:06:03 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 09:05:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 09:05:45 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 09:05:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 09:03:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 09:03:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/10 11:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/03/31 11:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2004/08/19 15:50:18 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/06/23 15:23:00 | 000,015,360 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2003/12/09 15:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/08/19 05:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/07/14 15:55:01 | 001,028,096 | ---- | M] (SBC Yahoo!) -- C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
PRC - [2003/06/24 02:31:35 | 000,442,368 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 09:20:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/05/16 02:01:51 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/16 09:05:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Start_Pending] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/07/16 09:05:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 09:03:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 10:00:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/20 21:33:21 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/11/25 13:39:04 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/08/21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/07 09:53:59 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2004/09/03 08:52:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 14:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/08 14:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 12:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 15:22:00 | 001,382,634 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/02 10:27:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/10/07 23:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 20:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/07/23 15:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2003/06/06 16:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 20:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 12:36:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/22 09:01:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 08:13:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/10 15:25:56 | 000,000,000 | ---D | M]

[2010/01/15 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions
[2009/11/27 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/07/13 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/09/10 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Firefox\Profiles\136zlmc5.default\extensions
[2010/08/27 08:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Richardson\Application Data\Mozilla\Firefox\Profiles\136zlmc5.default\extensions\tab@search.com
[2010/09/10 15:28:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/10 15:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/10 15:25:22 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/26 15:52:52 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/08/22 08:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/09/09 20:04:03 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (SBC Yahoo!)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Melissa Richardson\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Melissa Richardson\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: netflix.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\SCRABBLE\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} file://D:\viewer\accuradimage.cab (Accurad Image Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell - "" = AutoRun
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{104b99a2-b877-11dc-a590-000fb04bb79c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/10 15:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/10 15:25:56 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/10 15:25:56 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/10 15:25:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/10 15:25:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/10 15:25:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/27 08:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/01/26 15:53:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2010/09/10 15:33:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 15:33:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 15:33:43 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 15:32:32 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\ntuser.dat
[2010/09/10 15:32:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Melissa Richardson\ntuser.ini
[2010/09/10 15:25:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/10 15:25:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/10 15:25:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/10 15:25:22 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/10 15:25:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/10 15:03:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\prvlcl.dat
[2010/09/10 08:21:32 | 064,510,518 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/09 14:49:35 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Reply.doc
[2010/09/09 12:37:48 | 000,009,972 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\AVG Scan.csv
[2010/09/06 20:38:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 15:46:21 | 000,990,720 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Saved Setting.doc
[2010/08/27 08:51:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 12:23:42 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 10:40:49 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Microsoft Excel.lnk
[2010/08/20 10:19:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Microsoft Word.lnk
[2010/08/12 03:43:03 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:18:30 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:18:30 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:18:30 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/09/09 14:49:34 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Reply.doc
[2010/09/09 12:37:48 | 000,009,972 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Desktop\AVG Scan.csv
[2010/08/30 15:46:20 | 000,990,720 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Desktop\Saved Setting.doc
[2010/08/27 08:30:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 12:11:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/17 18:46:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\prvlcl.dat
[2009/12/07 21:49:25 | 002,433,024 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/21 10:51:58 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 19:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 19:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 19:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 19:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 18:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 19:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 19:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 19:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 19:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 19:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 19:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 19:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 16:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 16:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 15:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 15:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/11 18:10:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\PUTTY.RND
[2009/02/23 20:46:48 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/04 17:25:58 | 000,004,361 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\Microsoft Excel.NOT
[2008/08/04 17:16:29 | 000,035,995 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\Comma Separated Values (DOS).ADR
[2008/07/19 09:41:21 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/08 10:06:46 | 000,000,208 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/02/14 20:54:57 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\ViewerApp.dat
[2006/01/27 19:45:57 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/24 20:06:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2006/01/10 18:55:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/10 18:53:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/07 20:53:53 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\sdi.db
[2005/12/07 09:07:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nsprof.dll
[2005/08/18 18:33:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/10 16:50:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/31 20:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/03/31 20:53:48 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/26 21:33:59 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\Melissa Richardson\Application Data\wklnhst.dat
[2004/11/18 22:09:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 21:59:11 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/18 21:48:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 08:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/14 15:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/02/19 20:00:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Wirelss Settings.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\WIC_FoodCard_FINAL-2-English_287322_7.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Reading.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Order 3.14.09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\McAfee Serial Number.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Linksys Configuration.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Internet Usernames and Passwords.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Delta Sky Miles #.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Birthdays.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\Activation Code 2.7.09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Melissa Richardson\My Documents\2009-01-24_223837_converter_impalas.pdf:Roxio EMC Stream
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41BB3EDE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
< End of report >


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 10 September 2010 - 05:35 PM

If you decide to go ahead and format, your system will be 100% clean for sure.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in windows to exploit your computer.
The easiest way to do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall
your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound
connections but it does not block outbound connections. So if Malware manages to get onto your computer it
will be able to send data out when it wants. Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically
mean that, what you are doing will not make a permenant changes to your system, unless you allow it too.
So you can be surfing the web inside Sandboxie then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sanbox and all is gone. Having said that, it can not be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here, if you already have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg


#13 mrichardson0220

mrichardson0220
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 14 September 2010 - 09:09 PM

Thank you so much for all of your help. Things seem to be fine, but until I can reinstall Windows, I'm only browsing on the web when necessary. I did download the items you suggested for the meantime. Thanks again for getting me clean! thumbup.gif

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 PM

Posted 15 September 2010 - 06:24 AM

You're very welcome smile.gif

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users