Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 4:34 pm

Avira found 12 problems. They are not false positives.

MBAM found 9

SAS found 2 Malware.Trace



HitMan Pro found Alureon Rootkit (possible variant of TDL3), Invalid security zone that is inhibiting ActiveX controls on Microsoft Mgmt Console, and Master Boot Record Sector 0 Rootkit.

Chrome will not connect to the internet. Mozilla is stubborn and I am getting redirects. Opera was working but will not now. I am currently using Mozilla. When I plug in my USB stick the drive will not show up under My Computer. I tried 2 different sticks and got the same result. YouTube will not work right.


I ran MBAM, Avira and SAS in safe mode. All that they detect has been removed, as far as those three scanners detect.

Here are the MBAM results:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5522

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/15/2011 12:56:15 PM
mbam-log-2011-01-15 (12-56-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 180162
Time elapsed: 19 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Delete on reboot.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008791.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008793.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008795.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008797.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008799.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008801.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9f625216-922b-4b93-96d3-bf83d7ca5179}\RP142\A0008803.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\Tmb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.


Here are Avira's results:

Avira AntiVir Personal
Report file date: Saturday, January 15, 2011 15:07

Scanning for 2370917 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode
Username : Scott
Computer name : SCOTT-981B04019

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/8/2010 15:31:15
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/19/2010 13:18:12
LUKE.DLL : 10.0.3.2 104296 Bytes 12/8/2010 15:31:19
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:01:51
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 16:01:51
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 16:01:51
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 16:01:51
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 16:01:51
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 16:01:51
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 16:01:51
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 16:01:52
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 16:01:52
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 16:01:52
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 16:01:52
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 16:01:52
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 10:04:30
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 02:18:04
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 01:13:19
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 10:06:09
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 13:46:42
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 20:32:03
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 20:32:00
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 20:31:58
VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 20:32:02
VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 20:32:04
VBASE023.VDF : 7.11.1.124 125440 Bytes 1/14/2011 20:31:23
VBASE024.VDF : 7.11.1.125 2048 Bytes 1/14/2011 20:31:24
VBASE025.VDF : 7.11.1.126 2048 Bytes 1/14/2011 20:31:24
VBASE026.VDF : 7.11.1.127 2048 Bytes 1/14/2011 20:31:24
VBASE027.VDF : 7.11.1.128 2048 Bytes 1/14/2011 20:31:24
VBASE028.VDF : 7.11.1.129 2048 Bytes 1/14/2011 20:31:24
VBASE029.VDF : 7.11.1.130 2048 Bytes 1/14/2011 20:31:24
VBASE030.VDF : 7.11.1.131 2048 Bytes 1/14/2011 20:31:24
VBASE031.VDF : 7.11.1.145 57344 Bytes 1/15/2011 19:17:34
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/29/2010 23:02:03
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/6/2011 20:32:37
AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 11:47:10
AESBX.DLL : 8.1.3.2 254324 Bytes 11/23/2010 11:47:21
AERDL.DLL : 8.1.9.2 635252 Bytes 9/21/2010 17:03:30
AEPACK.DLL : 8.2.4.7 512375 Bytes 12/30/2010 13:48:08
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/23/2010 11:47:08
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/6/2011 20:32:29
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/3/2010 02:56:20
AEGEN.DLL : 8.1.5.1 397683 Bytes 1/6/2011 20:32:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 11:46:36
AECORE.DLL : 8.1.19.0 196984 Bytes 12/3/2010 02:56:16
AEBB.DLL : 8.1.1.0 53618 Bytes 4/25/2010 18:12:09
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/3/2010 09:01:47
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/8/2010 15:31:16
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/8/2010 15:30:45
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/3/2010 09:01:46

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Saturday, January 15, 2011 15:07

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'taskmgr.exe' - '34' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'Explorer.EXE' - '84' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'lsass.exe' - '52' Module(s) have been scanned
Scan process 'services.exe' - '34' Module(s) have been scanned
Scan process 'winlogon.exe' - '63' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '434' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\4c562fca-52c4f847
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/Crimepack$1.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnecti.A Java virus
--> cpak/KAVS.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnection.AH Java virus
--> cpak/Crimepack.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.AB.1 Java virus
[NOTE] A backup was created as '4e0f7967.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\170b44f2-1b9abc3a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.C exploit
--> Exploit$1$1.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.C exploit
--> Exploit$1.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.AF exploit
--> Exploit$2.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.D exploit
--> Exploit.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.A Java virus
--> PayloadCreater.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.C Java virus
--> PayloadClassLoader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.B Java virus
--> Payloader.class
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.D Java virus
--> payload.ser
[DETECTION] Contains recognition pattern of the JAVA/CV-2010-0094.E Java virus
[NOTE] A backup was created as '569f572c.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\58413909-55f76746
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.AD.1 Java virus
--> goog/main.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.AD.1 Java virus
[NOTE] A backup was created as '04c40dc5.qua' ( QUARANTINE )
[NOTE] The file was deleted!


End of the scan: Saturday, January 15, 2011 15:40
Used time: 32:33 Minute(s)

The scan has been done completely.

4648 Scanned directories
148430 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
3 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
148418 Files not concerned
734 Archives were scanned
0 Warnings
3 Notes
Last edited by ZOU on Sat Jan 15, 2011 4:58 pm, edited 2 times in total.
ZOU
Global Moderator
 
Posts: 750
Joined: Thu Dec 16, 2010 7:48 pm
Has thanked: 0 time
Have thanks: 12 times
Architecture: 32bit


Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 4:43 pm

I am currently scanning with the updated version of OTL. I will have the results momentarily.


I am trying to post these OTL results but when I press SUBMIT I get a message in red letters that says it will not post because there are too many URLs. :?

Re: Worst Infection Ever

Postby pranaygtr » Sat Jan 15, 2011 5:04 pm

There is a 7 URL limit per post.

Try entering the OTL log in the Code Tags.
pranaygtr
Elite Contributor
 
Posts: 5045
Joined: Sun Apr 19, 2009 7:14 am
Has thanked: 96 times
Have thanks: 72 times
OS: Other
Architecture: 64bit

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 5:29 pm

I tried it with code tags and received a "General Error".


I am trying to get GMER to run and it keeps acting up. I tried reinstalling it but it makes no difference. Darn it.


I am going to eat dinner. I will be around in about an hour or so.

The following post is the beginning of several posts in an effort to display the OTL notepad.
Last edited by ZOU on Sat Jan 15, 2011 7:32 pm, edited 1 time in total.

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 6:48 pm

OTL logfile created on: 1/15/2011 5:45:53 PM - Run 2
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.16 Gb Free Space | 93.68% Space Free | Partition Type: NTFS

Computer Name: SCOTT-981B04019 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Scott\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\temp\rrxv\setup.exe ()
PRC - C:\WINDOWS\temp\explorer.exe ()
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB300N\WUSB300N.exe (Linksys)
PRC - C:\Program Files\Linksys\WUSB300N\WLService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Scott\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB300NSvc) --  File not found
SRV - (Lavasoft Ad-Aware Service) --  File not found
SRV - (HidServ) --  File not found
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)


========== Driver Services (SafeList) ==========

DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ftsata2) -- C:\WINDOWS\System32\drivers\ftsata2.sys (Promise Technology, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MRVW245) -- C:\WINDOWS\system32\drivers\MRVW245.sys (Marvell Semiconductor, Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z003&form=ZGAPHP
IE - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: realurl@rod.whiteley:0.52
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z003&form=ZGAADF&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:20:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 11:20:21 | 000,000,000 | ---D | M]

[2009/06/21 09:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Extensions
[2011/01/14 18:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\extensions
[2009/09/06 20:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/08/14 01:42:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/07/30 19:21:50 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/19 07:24:37 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\extensions\keyscrambler@qfx.software.corporation
[2010/02/09 23:20:51 | 000,000,000 | ---D | M] ("TheRealURL") -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\extensions\realurl@rod.whiteley
[2011/01/13 20:08:02 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\viknek8k.default\searchplugins\bing-zugo.xml
[2011/01/14 18:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 04:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 17:09:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 13:31:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/15 21:54:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/08 19:28:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/02 19:14:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/02/02 00:42:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.62.56.1 204.62.56.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/10 12:06:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 6:50 pm

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 17:41:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/01/15 14:20:54 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/01/15 13:02:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Scott\Recent
[2011/01/15 12:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/13 16:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2010/12/22 20:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/12/22 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player - Codec Pack
[2010/12/22 20:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP

========== Files - Modified Within 30 Days ==========

[2011/01/15 17:41:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/01/15 17:19:11 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/15 17:14:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/15 17:12:00 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/15 17:11:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/15 17:11:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/15 17:11:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/15 17:05:59 | 000,000,171 | -HS- | M] () -- C:\boot.ini
[2011/01/15 16:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/15 15:51:39 | 000,516,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/15 15:51:39 | 000,095,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 12:32:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/15 12:20:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/13 17:01:50 | 000,002,164 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/01/11 18:25:15 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\z Open DNS.doc
[2011/01/08 21:25:53 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\z skunkworks.doc
[2010/12/30 13:08:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\z amazon.doc
[2010/12/28 13:37:14 | 000,005,534 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101228_133711.reg
[2010/12/24 10:44:06 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2010/12/24 10:44:06 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2010/12/22 20:12:55 | 000,004,796 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101222_201253.reg
[2010/12/22 18:13:01 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\Z Swanson.doc
[2010/12/20 21:18:16 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/20 19:56:36 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101220_195634.reg
[2010/12/20 19:56:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101220_195623.reg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 01:59:40 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101220_015938.reg
[2010/12/19 00:11:39 | 000,002,830 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101219_001137.reg
[2010/12/18 21:22:28 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\z.lnk
[2010/12/18 21:17:41 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/18 19:52:25 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\z lockheed.doc
[2010/12/18 19:32:35 | 000,011,756 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101218_193233.reg
[2010/12/17 19:51:33 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\s.lnk
[2010/12/17 19:46:55 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\v.lnk
[2010/12/17 19:37:46 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\p.lnk
[2010/12/17 19:32:54 | 000,001,113 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\g.lnk
[2010/12/17 19:25:35 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\a.lnk
[2010/12/16 19:47:13 | 000,040,570 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20101216_194711.reg

ZOU
Global Moderator
 
Posts: 750
Joined: Thu Dec 16, 2010 7:48 pm
Has thanked: 0 time
Have thanks: 12 times
Architecture: 32bit

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 6:53 pm

========== Files Created - No Company Name ==========

[2011/01/15 12:32:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/11 18:25:15 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\z Open DNS.doc
[2010/12/28 13:37:12 | 000,005,534 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101228_133711.reg
[2010/12/22 20:12:54 | 000,004,796 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101222_201253.reg
[2010/12/22 18:13:25 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\z amazon.doc
[2010/12/21 19:25:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\z skunkworks.doc
[2010/12/20 19:56:35 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101220_195634.reg
[2010/12/20 19:56:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101220_195623.reg
[2010/12/20 01:59:39 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101220_015938.reg
[2010/12/19 00:11:38 | 000,002,830 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101219_001137.reg
[2010/12/18 19:41:47 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\z lockheed.doc
[2010/12/18 19:32:34 | 000,011,756 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101218_193233.reg
[2010/12/17 19:51:33 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\s.lnk
[2010/12/17 19:50:04 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\z.lnk
[2010/12/17 19:46:55 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\v.lnk
[2010/12/17 19:37:46 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\p.lnk
[2010/12/17 19:32:54 | 000,001,113 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\g.lnk
[2010/12/17 19:25:35 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\a.lnk
[2010/12/17 16:21:08 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\Z Swanson.doc
[2010/12/16 19:47:12 | 000,040,570 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20101216_194711.reg
[2010/12/13 20:01:57 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/26 09:31:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/25 19:33:37 | 000,078,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/24 14:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 14:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 14:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
ZOU

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 7:12 pm

[2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 14:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 14:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 14:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/02/02 09:24:34 | 000,002,164 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/01/25 15:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/10/09 21:42:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/08/10 15:38:48 | 000,000,096 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/26 21:56:29 | 000,000,859 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/12/08 00:38:56 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application
ZOU

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 7:21 pm

This is driving me nuts. I cannot get the last 15 lines of the OTL notepad to post.


The next post is the Notepad Extras from OTL.
Last edited by ZOU on Sat Jan 15, 2011 7:33 pm, edited 3 times in total.
ZOU

Re: Worst Infection Ever

Postby ZOU » Sat Jan 15, 2011 7:22 pm

OTL Extras logfile created on: 1/15/2011 5:45:53 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.16 Gb Free Space | 93.68% Space Free | Partition Type: NTFS

Computer Name: SCOTT-981B04019 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1214440339-1085031214-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90BC5F99-9172-43B1-805F-77BCC800CAB7}" = Opera 10.60
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PicPick" = PicPick
"PowerTools Lite_is1" = PowerTools Lite
"Sandboxie" = Sandboxie 3.52
"Smart Defrag_is1" = Smart Defrag
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2011 4:55:28 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 4:55:28 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:06 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:06 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:07 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:07 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:48 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:48 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:53 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:53 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ Application Events ]
Error - 1/15/2011 4:55:28 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 4:55:28 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:06 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:06 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:07 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:09:07 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:48 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:48 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:53 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/15/2011 6:11:53 PM | Computer Name = SCOTT-981B04019 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 1/15/2011 5:10:05 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/15/2011 5:10:05 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/15/2011 5:10:05 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 1/15/2011 5:10:05 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/15/2011 5:10:05 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AVG Anti-Rootkit AvgArCln avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
sbaphd
ssmdrv
Tcpip

Error - 1/15/2011 6:08:23 PM | Computer Name = SCOTT-981B04019 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/15/2011 6:10:47 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2

Error - 1/15/2011 6:10:47 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln sbaphd

Error - 1/15/2011 6:13:29 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2

Error - 1/15/2011 6:13:29 PM | Computer Name = SCOTT-981B04019 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln sbaphd


< End of report >
ZOU
