Hello LPP et all, it's been a while since I needed your assistance, but I'm back again, and I should have all the needed logs:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.24.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mary Anne :: 4T34MC1 [administrator]
10/24/2012 9:02:00 PM
mbam-log-2012-10-24 (21-02-00).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319879
Time elapsed: 1 hour(s), 1 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 56
HKCR\CLSID\{ee718602-1282-4d49-ac4e-afab43840b99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a7d84ee2-a611-4726-b353-3732a55c734c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3EA07715-76B5-4572-85D4-592263F48907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE718602-1282-4D49-AC4E-AFAB43840B99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{122e5f70-9c86-4e54-ac4c-d85d003b9935} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{dd51b24f-4ad0-43e2-83bb-ed9af4475a0d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0CEC5206-43FA-4BC8-91A7-DC5B121F7960} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9d691733-7ee6-48e6-adae-2be39b132bd1} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{9664e31f-b2bc-4de2-87c7-43694e33ecc4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{661A3047-196C-40BE-B957-98532655A787} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{4aee45aa-b3b1-4eff-ba81-3e3afa0fbfb9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c80ddfba-1646-4b6d-845f-85288c7b8201} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{c43dde8b-9428-4c43-9a64-fc66912fe6a4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{DFF78A48-9941-4ABF-8E21-E1D66F6AF4B1} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5DB6F0A5-C6E8-41C6-B88A-94551911A53F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5DB6F0A5-C6E8-41C6-B88A-94551911A53F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c401ebc5-c988-48d7-a721-42c59fb48d0d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{e9934f5d-7a0f-4240-a709-11c91854ce21} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{4EECBA27-86E3-49FF-9084-986F22CFDE7B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0f2a56e1-2b3f-4a50-9f44-946532ab3279} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8a3b777d-5f5b-448d-b3cd-fdf00932306d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{2addcc11-40ad-4244-afc6-90feeb3bb2e9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{943D23D4-4C0C-4668-AE21-3483CCA4DCEF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{69b8636b-4a89-4e55-bcf3-a45464ad2171} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{34afd9f3-f1b2-4e3d-9836-04c592956564} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0fa48495-56eb-4eba-be5f-183846983a48} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ccea288e-f1bf-4044-b3e9-e41b1656084c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a12635f7-09ea-479c-8fa0-65c98b053c3a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0C40607D-5922-4D40-9AAF-8AF96DF5C704} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCEA288E-F1BF-4044-B3E9-E41B1656084C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ffbe11e1-494b-4396-895e-9776dc069ab7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{25d62e1a-bd8b-4e6e-b7cc-1e0ee04a4622} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4a9994e4-a107-4c07-abe2-832242bf8486} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{962DE9EA-6508-4D38-B5A1-EA8E431CF0A0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25D62E1A-BD8B-4E6E-B7CC-1E0EE04A4622} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 28
C:\Program Files\MyScrapNook_12\bar\1.bin\12msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12hkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\12uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1443\A0220478.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
(end)
Here is the OTL log:
OTL logfile created on: 10/26/2012 6:49:28 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mary Anne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.40% Memory free
3.84 Gb Paging File | 2.63 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.60 Gb Free Space | 58.54% Space Free | Partition Type: NTFS
Computer Name: 4T34MC1 | User Name: Mary Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/10/25 22:30:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Anne\Desktop\OTL.exe
PRC - [2012/10/24 22:06:47 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/10/24 22:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/07/30 20:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/11/01 13:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
MOD - [2003/08/29 04:23:49 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001/05/06 11:14:24 | 000,765,952 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 11:14:22 | 000,086,093 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 11:14:22 | 000,053,326 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 11:14:22 | 000,053,319 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 11:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 11:14:22 | 000,028,753 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2012/10/24 22:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/10/20 20:51:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 07:05:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/10/06 23:08:38 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/04 11:05:21 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\3.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/12/18 10:45:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/18 10:45:51 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/02 08:39:59 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)
DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/05 18:13:38 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/26 05:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2007/06/01 13:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/05/30 16:50:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/01/28 14:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 18:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTKCMOS.sys -- (GTKCMOS)
DRV - [2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »
search.live.com/results.aspx?q={···source?}IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = »
slirsredirect.search.aol.com/sli···b50trie7IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = »
search.mywebsearch.com/mywebsear···chTerms}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »
xfinity.comcast.net/IE - HKCU\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {720E6F15-D6A4-461B-BEFA-37FA2C6EA22A}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = »
slirsredirect.search.aol.com/sli···b50trie7IE - HKCU\..\SearchScopes\{3307CC42-4456-463F-848D-E935E9D1465C}: "URL" = »
www.google.com/search?q={searchT···artPage}IE - HKCU\..\SearchScopes\{34368346-BB02-4F61-884A-1A9F387A9CA1}: "URL" = »
rover.ebay.com/rover/1/711-43047···chTerms}IE - HKCU\..\SearchScopes\{4E17186E-C971-40DA-9D58-37855A91DE07}: "URL" = »
www.flickr.com/search/?q={searchTerms}IE - HKCU\..\SearchScopes\{720E6F15-D6A4-461B-BEFA-37FA2C6EA22A}: "URL" = »
search.yahoo.com/search?p={searc···chr-yie8IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = »
search.mywebsearch.com/mywebsear···chTerms}IE - HKCU\..\SearchScopes\{ECD62969-98F5-45A9-8A3C-2845E815C2E5}: "URL" = »
delicious.com/search?p={searchTerms}IE - HKCU\..\SearchScopes\{FA870CED-889E-4FD6-9EFC-9B1CEFFF779E}: "URL" = »
search.avg.com/route/?d=4c69cb76···ychte=usIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/09/17 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2012/10/24 22:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/20 20:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/20 20:51:07 | 000,000,000 | ---D | M]
[2008/08/30 16:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Extensions
[2012/08/21 20:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\2mwjsg2x.default\extensions
[2012/08/21 20:06:16 | 000,000,000 | ---D | M] (My Scrap Nook) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\2mwjsg2x.default\extensions\12ffxtbr@MyScrapNook_12.com
[2007/10/30 22:45:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\2mwjsg2x.default\extensions\moveplayer@movenetworks.com
[2012/10/22 20:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\8npzzz21.default\extensions
[2010/09/01 20:47:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\8npzzz21.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/10 16:16:05 | 000,000,000 | ---D | M] (My Scrap Nook) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\8npzzz21.default\extensions\12ffxtbr@MyScrapNook_12.com
[2009/03/28 22:11:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mary Anne\Application Data\Mozilla\Firefox\Profiles\8npzzz21.default\extensions\moveplayer@movenetworks.com
[2012/10/24 22:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/20 20:51:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/24 22:32:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/20 20:51:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012/10/20 20:51:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/20 20:51:15 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/11/29 22:57:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBHO Object) - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll (CoreStreet, Ltd.)
O3 - HKLM\..\Toolbar: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Scrap Nook) - {FE6F06FB-0FC0-4499-828F-EE48088F504F} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - »
tbedits.televisionfanatic.com/on···11082119 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} »
support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} »
office.microsoft.com/sites/produ···dc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »
update.microsoft.com/microsoftup···78379984 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »
download.eset.com/special/eos-be···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »
java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} »
java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »
java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »
fpdownload2.macromedia.com/get/f···lash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C3454D-3B85-4234-98E0-B760D5CFFD9E}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/10/26 18:48:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Anne\Desktop\OTL.exe
[2012/10/25 19:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Anne\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/10/24 22:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/24 22:32:32 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/10/24 22:32:32 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/10/24 22:32:32 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/10/20 20:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/10 07:05:25 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/10/26 18:20:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 18:16:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/26 18:16:26 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/26 18:05:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/26 18:02:48 | 098,625,692 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/10/25 22:30:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Anne\Desktop\OTL.exe
[2012/10/24 19:21:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/24 18:22:55 | 000,413,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/10/10 07:17:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 07:05:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/10 07:05:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/10 07:05:26 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/02/16 08:36:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 21:52:51 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Mary Anne\Local Settings\Application Data\d3d9caps.dat
[2007/10/16 20:11:54 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Mary Anne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/28 10:57:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Anne\Application Data\PFP100JPR.{PB
[2007/04/28 10:57:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Anne\Application Data\PFP100JCM.{PB
[2007/04/10 19:12:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mary Anne\Local Settings\Application Data\fusioncache.dat
[2007/04/03 00:21:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2008/12/20 16:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/09/25 09:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 10:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/11/04 11:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/24 10:16:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/07/20 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/05/06 19:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/07/27 12:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/07/08 19:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/02 10:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/08/02 17:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/03 00:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/12/26 09:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/07/07 13:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\3M
[2007/04/30 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\acccore
[2010/10/24 10:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\AVG10
[2012/05/11 09:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Babylon
[2011/08/15 19:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Dropbox
[2008/09/08 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\GARMIN
[2007/04/14 13:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\GetRightToGo
[2008/10/06 23:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Leadertech
[2012/08/21 20:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\MyScrapNook_12
[2012/08/29 19:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\PrimoPDF
[2007/06/21 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Snapfish
[2011/04/02 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Trusteer
[2011/07/17 17:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\uPlayer
[2007/08/13 21:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Viewpoint
[2008/08/27 18:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Windows Desktop Search
[2008/12/20 13:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Anne\Application Data\Windows Search
[color=#E56717]========== Purity Check ==========[/color]
It never produced an Extras log:
Here is the checkup.txt log:
Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
[color=red]
Out of date HijackThis installed![/color]
SUPERAntiSpyware Free Edition
Windows Defender
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
Java(TM) 6 Update 37
[color=red]
Java version out of Date![/color]
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 0%
[u]````````````````````End of Log``````````````````````[/u]
And the Eset log:
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=74235bb146d7a64394a56223774a7707
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-26 05:15:09
# local_time=2012-10-26 12:15:09 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 120461245 120461245 0 0
# compatibility_mode=1032 16777173 100 96 0 94279570 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 59285223 59285223 0 0
# scanned=90641
# found=6
# cleaned=6
# scan_time=5083
C:\Documents and Settings\Mary Anne\Desktop\DownLoads\Babylon9_setup.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1443\A0220483.exe a variant of Win32/Toolbar.MyWebSearch.O application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1443\A0220485.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1443\A0220486.dll Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1443\A0220487.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1485\A0227208.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I hope that Eset took care of it. . . . .
·