Can't Remove BHO trojan, OTL/RootRepeal/Malwarebytes log attached



#1
Coloumb1

Please help! Can't remove BHO trojan:

OTL Extras log:

OTL logfile created on: 12/12/2009 8:09:45 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.92 Mb Total Physical Memory | 111.39 Mb Available Physical Memory | 14.52% Memory free
1.83 Gb Paging File | 1.32 Gb Available in Paging File | 71.92% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.14 Gb Total Space | 1.29 Gb Free Space | 8.51% Space Free | Partition Type: NTFS
Drive D: | 22.11 Gb Total Space | 1.50 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMA458-T41
Current User Name: sma458
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 07:59:30 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal(2).exe
PRC - [2009/12/12 07:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/09 08:55:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/30 20:16:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/21 15:06:28 | 01,318,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2007/05/11 17:30:50 | 00,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/05/11 17:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/05/11 17:25:40 | 00,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2006/11/16 21:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/07/11 12:25:18 | 01,115,744 | ---- | M] (Movielink LLC) -- D:\Program Files\Movielink\MovielinkManager\MovielinkCore.exe
PRC - [2004/06/01 14:58:47 | 03,305,472 | ---- | M] () -- C:\Program Files\X-Lite\X-Lite.exe
PRC - [2004/05/19 03:21:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/04/08 18:12:06 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/04/08 18:11:26 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/04/07 06:21:50 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/04/07 06:20:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2004/03/12 15:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/29 16:44:46 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/26 01:26:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 07:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2007/05/11 17:30:38 | 00,113,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2004/04/08 18:11:54 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/03/20 21:00:34 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/18 01:04:42 | 01,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/05/11 17:32:22 | 00,142,112 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/05/11 17:30:50 | 00,133,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/11 17:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/16 21:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/07/11 12:25:18 | 01,115,744 | ---- | M] (Movielink LLC) [Auto | Running] -- D:\Program Files\Movielink\MovielinkManager\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/05/26 10:33:18 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/05/19 03:21:00 | 00,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/04/07 06:21:50 | 00,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/04/07 06:20:40 | 00,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2004/03/12 15:18:06 | 00,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 14:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 16:44:52 | 00,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/02/26 01:26:00 | 00,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students, = http://www.kellogg.n...edu/students/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students, = +
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,% = %25
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,+ = %2B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.13966

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/01 10:19:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2008/11/16 00:40:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/10/05 14:00:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 16:12:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 08:55:06 | 00,000,000 | ---D | M]

[2009/05/17 18:31:41 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/12/11 23:26:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8yvewa30.default\extensions
[2009/02/01 08:35:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8yvewa30.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/11/03 11:22:23 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8yvewa30.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/12/11 23:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/12 07:50:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/06/30 22:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Jumblo] C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.3.74.0\Weather.exe File not found
O4 - HKCU..\Run: [XSC SIP Client] C:\Program Files\X-Lite\X-Lite.exe ()
O4 - HKCU..\RunOnce: [CheckNetworkConnection] C:\Program Files\Support.com\providerComcast\desktopdoctor.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z....iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...3/uploader2.cab (UploadListView Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (SopCore Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...AB?38132.640625 (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft....ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{95ffcdf0-ea68-11dd-90a0-000cf1277a4b}\Shell - "" = AutoRun
O33 - MountPoints2\{95ffcdf0-ea68-11dd-90a0-000cf1277a4b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 07:59:34 | 00,472,064 | ---- | C] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal(2).exe
[2009/12/12 07:58:30 | 00,538,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/29 12:53:02 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/29 12:51:43 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup(2).exe
[2009/11/29 12:06:02 | 00,472,064 | ---- | C] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/29 12:02:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 12:02:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 12:02:16 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 12:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 12:00:38 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/11/29 11:57:56 | 00,341,504 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/11/29 11:32:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\qdijyd
[2009/11/27 08:47:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft
[2007/11/23 23:16:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/10 19:00:27 | 00,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/07/17 19:20:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Real
[2005/04/15 13:11:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/08/09 08:33:39 | 00,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/05/23 17:16:47 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 D:\Documents and Settings\Administrator\My Documents\*.tmp files -> D:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/12 07:59:54 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/12/12 07:59:30 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal(2).exe
[2009/12/12 07:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/12 07:46:00 | 00,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2812319426-2802010446-1008649480-500UA.job
[2009/12/12 07:12:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 07:12:22 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/12 07:11:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 07:11:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 07:11:23 | 80,424,5504 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 00:40:10 | 06,291,456 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/12 00:40:10 | 00,000,278 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2009/12/11 23:01:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/12/11 22:46:00 | 00,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2812319426-2802010446-1008649480-500Core.job
[2009/12/11 12:28:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/10 23:47:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/10 23:45:45 | 02,003,375 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/06 14:15:34 | 00,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/29 12:53:01 | 00,000,584 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 12:51:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup(2).exe
[2009/11/29 12:49:55 | 00,001,251 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.bat
[2009/11/29 12:49:55 | 00,000,439 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.reg
[2009/11/29 12:47:06 | 00,262,656 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2009/11/29 12:06:05 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/29 12:01:02 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/11/29 11:57:42 | 00,341,504 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\TFC.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 D:\Documents and Settings\Administrator\My Documents\*.tmp files -> D:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 07:59:54 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/11/29 12:47:35 | 00,001,251 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.bat
[2009/11/29 12:47:35 | 00,000,439 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.reg
[2009/11/29 12:47:08 | 00,262,656 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2009/11/29 12:02:21 | 00,000,584 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/07/31 14:22:26 | 00,057,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/10 19:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/06 22:52:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007/11/06 22:51:59 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007/11/06 22:51:58 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/11/06 22:51:58 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/24 20:08:15 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/06 12:07:30 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/05/11 17:30:16 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 02,107,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/11/26 11:44:03 | 00,003,405 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/15 09:17:35 | 00,394,779 | -HS- | C] () -- C:\WINDOWS\System32\rtvyb.ini2
[2005/10/15 09:17:34 | 00,350,137 | -HS- | C] () -- C:\WINDOWS\System32\rtvyb.ini
[2005/07/30 08:59:24 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/19 20:18:31 | 00,002,595 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/11 17:15:25 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/03/10 12:11:55 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/03/05 01:49:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/26 09:43:08 | 00,000,172 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/15 18:17:36 | 00,030,720 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/06 17:59:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/06/11 20:31:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 14:56:53 | 00,000,852 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/03 14:13:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/05/28 12:15:46 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/05/26 17:07:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/26 17:07:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/26 17:07:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/26 17:07:40 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/26 17:07:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/26 17:07:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/26 15:53:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/26 15:53:23 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/26 15:53:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/26 15:41:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/05/26 15:40:49 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2004/05/26 15:40:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sensor.dll
[2004/05/26 15:39:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/23 18:53:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/05/23 18:51:18 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/05/23 18:51:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2004/05/23 18:50:33 | 00,020,590 | ---- | C] () -- C:\WINDOWS\default32.dll
[2004/05/23 17:12:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/20 09:36:02 | 00,000,400 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/04/07 06:21:16 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2004/03/18 12:55:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/08 13:34:26 | 00,121,440 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/20 10:25:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\ADDINSOFT
[2008/07/29 19:39:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\BitZipper
[2004/07/22 17:57:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\IBM
[2004/06/16 16:46:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/10/05 08:05:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Jumblo
[2006/04/28 17:48:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\NetZero, Inc
[2005/11/23 09:55:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Nikon
[2004/06/01 12:31:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Qualcomm
[2007/11/06 22:51:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2008/07/29 09:35:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\WeatherDPA
[2004/06/09 16:40:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IBM
[2006/07/17 19:20:44 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Movielink
[2005/10/11 15:34:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/11/06 22:51:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Simply Super Software
[2008/07/29 21:58:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/15 09:52:59 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/01 20:56:55 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/16 00:43:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2004/05/26 15:40:32 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

OTL Log:

OTL logfile created on: 12/12/2009 8:09:45 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.92 Mb Total Physical Memory | 111.39 Mb Available Physical Memory | 14.52% Memory free
1.83 Gb Paging File | 1.32 Gb Available in Paging File | 71.92% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.14 Gb Total Space | 1.29 Gb Free Space | 8.51% Space Free | Partition Type: NTFS
Drive D: | 22.11 Gb Total Space | 1.50 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SMA458-T41
Current User Name: sma458
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 07:59:30 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal(2).exe
PRC - [2009/12/12 07:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/09 08:55:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/30 20:16:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/21 15:06:28 | 01,318,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2007/05/11 17:30:50 | 00,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/05/11 17:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/05/11 17:25:40 | 00,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2006/11/16 21:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/07/11 12:25:18 | 01,115,744 | ---- | M] (Movielink LLC) -- D:\Program Files\Movielink\MovielinkManager\MovielinkCore.exe
PRC - [2004/06/01 14:58:47 | 03,305,472 | ---- | M] () -- C:\Program Files\X-Lite\X-Lite.exe
PRC - [2004/05/19 03:21:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/04/08 18:12:06 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/04/08 18:11:26 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/04/07 06:21:50 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/04/07 06:20:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2004/03/12 15:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/29 16:44:46 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/26 01:26:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 07:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2007/05/11 17:30:38 | 00,113,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2004/04/08 18:11:54 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/03/20 21:00:34 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/18 01:04:42 | 01,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/05/11 17:32:22 | 00,142,112 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/05/11 17:30:50 | 00,133,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/11 17:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/16 21:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/07/11 12:25:18 | 01,115,744 | ---- | M] (Movielink LLC) [Auto | Running] -- D:\Program Files\Movielink\MovielinkManager\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/05/26 10:33:18 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/05/19 03:21:00 | 00,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/04/07 06:21:50 | 00,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/04/07 06:20:40 | 00,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2004/03/12 15:18:06 | 00,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 14:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 16:44:52 | 00,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/02/26 01:26:00 | 00,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students, = http://www.kellogg.n...edu/students/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students, = +
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,% = %25
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\students,+ = %2B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.13966

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/01 10:19:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2008/11/16 00:40:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/10/05 14:00:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 16:12:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 08:55:06 | 00,000,000 | ---D | M]

[2009/05/17 18:31:41 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/12/11 23:26:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8yvewa30.default\extensions
[2009/02/01 08:35:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8yvewa30.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/11/03 11:22:23 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8yvewa30.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/12/11 23:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/12 07:50:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/06/30 22:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Jumblo] C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.3.74.0\Weather.exe File not found
O4 - HKCU..\Run: [XSC SIP Client] C:\Program Files\X-Lite\X-Lite.exe ()
O4 - HKCU..\RunOnce: [CheckNetworkConnection] C:\Program Files\Support.com\providerComcast\desktopdoctor.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z....iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...3/uploader2.cab (UploadListView Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (SopCore Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...AB?38132.640625 (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft....ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{95ffcdf0-ea68-11dd-90a0-000cf1277a4b}\Shell - "" = AutoRun
O33 - MountPoints2\{95ffcdf0-ea68-11dd-90a0-000cf1277a4b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 07:59:34 | 00,472,064 | ---- | C] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal(2).exe
[2009/12/12 07:58:30 | 00,538,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/29 12:53:02 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/29 12:51:43 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup(2).exe
[2009/11/29 12:06:02 | 00,472,064 | ---- | C] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/29 12:02:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 12:02:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 12:02:16 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 12:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 12:00:38 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/11/29 11:57:56 | 00,341,504 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/11/29 11:32:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\qdijyd
[2009/11/27 08:47:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft
[2007/11/23 23:16:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/10 19:00:27 | 00,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/07/17 19:20:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Real
[2005/04/15 13:11:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/08/09 08:33:39 | 00,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/05/23 17:16:47 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 D:\Documents and Settings\Administrator\My Documents\*.tmp files -> D:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/12 07:59:54 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/12/12 07:59:30 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal(2).exe
[2009/12/12 07:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/12 07:46:00 | 00,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2812319426-2802010446-1008649480-500UA.job
[2009/12/12 07:12:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 07:12:22 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/12 07:11:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 07:11:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 07:11:23 | 80,424,5504 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 00:40:10 | 06,291,456 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/12 00:40:10 | 00,000,278 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2009/12/11 23:01:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/12/11 22:46:00 | 00,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2812319426-2802010446-1008649480-500Core.job
[2009/12/11 12:28:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/10 23:47:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/10 23:45:45 | 02,003,375 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/06 14:15:34 | 00,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/29 12:53:01 | 00,000,584 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 12:51:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup(2).exe
[2009/11/29 12:49:55 | 00,001,251 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.bat
[2009/11/29 12:49:55 | 00,000,439 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.reg
[2009/11/29 12:47:06 | 00,262,656 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2009/11/29 12:06:05 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/29 12:01:02 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/11/29 11:57:42 | 00,341,504 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\TFC.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 D:\Documents and Settings\Administrator\My Documents\*.tmp files -> D:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 07:59:54 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/11/29 12:47:35 | 00,001,251 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.bat
[2009/11/29 12:47:35 | 00,000,439 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.reg
[2009/11/29 12:47:08 | 00,262,656 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2009/11/29 12:02:21 | 00,000,584 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/07/31 14:22:26 | 00,057,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/10 19:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/06 22:52:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007/11/06 22:51:59 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007/11/06 22:51:58 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/11/06 22:51:58 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/24 20:08:15 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/06 12:07:30 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/05/11 17:30:16 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 02,107,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/11/26 11:44:03 | 00,003,405 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/15 09:17:35 | 00,394,779 | -HS- | C] () -- C:\WINDOWS\System32\rtvyb.ini2
[2005/10/15 09:17:34 | 00,350,137 | -HS- | C] () -- C:\WINDOWS\System32\rtvyb.ini
[2005/07/30 08:59:24 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/19 20:18:31 | 00,002,595 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/11 17:15:25 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/03/10 12:11:55 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/03/05 01:49:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/26 09:43:08 | 00,000,172 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/15 18:17:36 | 00,030,720 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/06 17:59:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/06/11 20:31:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 14:56:53 | 00,000,852 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/03 14:13:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/05/28 12:15:46 | 00,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/05/26 17:07:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/26 17:07:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/26 17:07:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/26 17:07:40 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/26 17:07:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/26 17:07:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/26 15:53:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/26 15:53:23 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/26 15:53:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/26 15:41:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/05/26 15:40:49 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2004/05/26 15:40:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sensor.dll
[2004/05/26 15:39:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/23 18:53:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/05/23 18:51:18 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/05/23 18:51:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2004/05/23 18:50:33 | 00,020,590 | ---- | C] () -- C:\WINDOWS\default32.dll
[2004/05/23 17:12:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/20 09:36:02 | 00,000,400 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/04/07 06:21:16 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2004/03/18 12:55:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/08 13:34:26 | 00,121,440 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/20 10:25:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\ADDINSOFT
[2008/07/29 19:39:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\BitZipper
[2004/07/22 17:57:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\IBM
[2004/06/16 16:46:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/10/05 08:05:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Jumblo
[2006/04/28 17:48:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\NetZero, Inc
[2005/11/23 09:55:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Nikon
[2004/06/01 12:31:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Qualcomm
[2007/11/06 22:51:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2008/07/29 09:35:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\WeatherDPA
[2004/06/09 16:40:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IBM
[2006/07/17 19:20:44 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Movielink
[2005/10/11 15:34:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/11/06 22:51:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Simply Super Software
[2008/07/29 21:58:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/15 09:52:59 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/01 20:56:55 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/16 00:43:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2004/05/26 15:40:32 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

Root Repeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/12 08:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBAAD1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B82000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xBAF4E000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe1da82b8

==EOF==


MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3257
Windows 5.1.2600 Service Pack 3

12/12/2009 8:05:37 AM
mbam-log-2009-12-12 (08-05-37).txt

Scan type: Quick Scan
Objects scanned: 110186
Time elapsed: 18 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

Thanks for any assistance!