
Malware present and disabling all attempts to run anti-malware


#1 livi4461 (Member, 13 posts)
I found out I had something on my PC thanks to AVG but it just said the file couldn't be removed. I noted that it was ipnat.sys but I don't remember the original error name. Trojanhorse.Generic.13..... something like that.

Anyway.. the techs at this site have been awesome in the past through the existing forums and other assists with problems on this same PC. I'm hoping someone can help with this one.

I've been through the Malware tutorial and have tried to download/run the OTL file (won't run) and MBAW (won't run). Then I moved on to step 2 and downloaded/ran the VIPRERESCUE. This downloaded and ran the first time, so I then reattempted to download/run MBAW, but without success. MBAW got farther along but was still shut down by the malware. So I attempted to re-run the VIPRERESCUE. This time, it wasn't allowed to run at all.

Whatever this malware is, it's really good at making sure nothing removes it.

So.. here's what the machine WILL do.
1) I can still boot the machine but I don't leave it running for too long because I don't know what other damage the malware may be doing.
2) I can still access the internet but the malware tries to redirect almost every location I attempt. I have to be sneaky and use a secondary access to be able to get to geekstogo.com!!
3) It's doing something funky after it's been on for about 30 minutes. The bar at the bottom where the Start button resides looks like it's going into Safe mode... but the rest of the display isn't going into Safe mode and the computer isn't giving me any messages to that effect.
4) AVG seems to have been turned off as well since I can't get it to run a scan when I want. However, I did get notification of a new threat (blocked supposedly) for rodgyt.co.cc/?id=06abQDcx.

Here's what I CANNOT do.
1) I can't run my Spybot Search and Destroy
2) I can't run my Lavasoft Ad-Aware
3) I can't run any of the items you've listed in the tutorial.

Please provide next steps. I know there's a way to kick this malware thing!!!

Thanks!!
Tammy
#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, some result may be possible. Can you burn a CD?

Please print these instructions out so that you know what you are doing.

OTLPEStd.exe
MD5=107440596207871822220183734CF7C4
98,217,771 bytes / 93.6 MB

  • Download OTLPEStd.exe to your desktop
  • Download this scan.txt to a USB
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

#3 livi4461 (Topic Starter, Member, 13 posts)
Thanks for waiting for me to get this information. I learned much in the process. FYI... my favorite step in your process was #6!!!

Here's my OTL file. It's gibberish to me but I hope it helps us to determine how to rid my computer of the nasty that took over!

Thanks again for your help!!!

OTL logfile created on: 12/5/2010 10:33:22 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 721.00 Mb Available Physical Memory | 75.00% Memory free
858.00 Mb Paging File | 761.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 147.57 Gb Free Space | 64.22% Space Free | Partition Type: NTFS
Drive D: | 298.01 Gb Total Space | 293.08 Gb Free Space | 98.35% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/29 09:09:06 | 000,196,320 | ---- | M] () [Auto] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) [Auto] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/12/06 21:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand] -- C:\Documents and Settings\Tammy\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/02/18 16:40:38 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/11 03:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/11/06 17:04:48 | 000,810,632 | ---- | M] (ExtendMedia Inc.) [Auto] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/11/29 09:09:16 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/29 09:09:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/29 09:09:16 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/11/29 09:09:16 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/02/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/09 07:10:48 | 000,037,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbma367f.sys -- (vbma367f)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/18 07:46:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/25 20:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/23 11:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/15 02:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 05:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 06:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/08/05 06:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/07/16 13:10:00 | 000,156,020 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xnd5.SYS -- (EL90X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Tammy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tammy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/04 20:26:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/29 08:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/11/29 10:20:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/11/29 10:29:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/02/14 10:16:27 | 000,224,760 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 7889 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Tammy_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Tammy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Tammy_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cobian Backup 8] C:\Program Files\Cobian Backup 8\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\Tammy_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Tammy_ON_C..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\Tammy_ON_C..\Run: [Error Fix] C:\Program Files\Error Fix\Error Fix.exe ()
O4 - HKU\Tammy_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\Printkey2000\printkey2000.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Tammy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/...nx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/...rs.1.0.0.39.cab (CPlayFirstPiratePoppersControl Object)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/...ia.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 13:45:34 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - D:\autorun.in_2.org -- [ FAT32 ]
O32 - AutoRun File - [2010/03/18 20:43:14 | 000,000,105 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 22:32:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/12/05 22:32:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2010/12/04 22:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/12/04 22:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/30 11:18:51 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/11/30 11:18:49 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/30 11:18:12 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/11/30 11:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/11/30 10:06:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/11/29 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 14:01:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 14:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/29 10:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2010/11/29 10:18:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/11/29 10:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/19 17:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
[2010/11/19 17:14:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/11/19 13:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Error Fix
[2010/11/19 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Error Fix
[2010/11/19 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2010/11/19 10:10:38 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/11/19 10:10:04 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/11/19 10:10:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/11/19 10:10:03 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/11/18 17:33:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
[2010/11/18 15:37:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/18 14:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Bitrix Security
[2010/11/18 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/18 11:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\AVG10
[2010/11/18 11:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/11/18 10:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/18 10:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/18 09:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/18 09:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 12:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\PriceGong
[2010/11/11 12:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Local Settings\Application Data\Conduit
[2010/11/11 12:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Local Settings\Application Data\DVDVideoSoftTB
[2010/11/11 12:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\DVDVideoSoftIEHelpers
[2010/03/23 09:47:22 | 002,114,184 | ---- | C] (Facebook, Inc.) -- C:\Program Files\Install_Facebook_Plug-In_1.0.3[1]
[2007/08/03 12:14:18 | 050,005,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/07/23 19:37:04 | 006,466,517 | ---- | C] (MRX Software ) -- C:\Program Files\cwcom_inst.exe
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/05 22:20:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/05 22:20:20 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 22:12:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/05 22:11:27 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/05 22:11:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/05 22:06:30 | 101,038,733 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/05 21:54:52 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/04 22:07:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 11:23:37 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/30 11:19:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2010/11/30 11:01:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 13:56:24 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
[2010/11/29 13:50:43 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/29 13:50:42 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/29 10:29:12 | 000,454,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 10:29:12 | 000,075,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 09:09:16 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/11/29 09:09:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/11/29 09:09:16 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/11/29 09:09:16 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/11/28 20:07:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/27 21:11:01 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tammy\My Documents\~$oys Vs. Girls.doc
[2010/11/27 21:09:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Microsoft Word.lnk
[2010/11/27 15:10:48 | 000,001,523 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Windows Explorer.lnk
[2010/11/19 17:48:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/11/19 17:46:51 | 000,364,032 | ---- | M] () -- C:\Program Files\rkill.com
[2010/11/19 17:42:08 | 000,294,400 | ---- | M] () -- C:\Program Files\exeHelper.com
[2010/11/19 17:39:14 | 000,294,400 | ---- | M] () -- C:\Program Files\exeHelper.scr
[2010/11/19 17:10:19 | 000,575,488 | ---- | M] () -- C:\Program Files\OTL.com
[2010/11/19 17:09:25 | 000,575,488 | ---- | M] () -- C:\Program Files\OTL.scr
[2010/11/19 17:07:42 | 000,575,488 | ---- | M] () -- C:\Program Files\OTL.exe
[2010/11/19 13:37:48 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Error Fix Scan.job
[2010/11/18 15:45:36 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/18 11:52:57 | 000,737,592 | ---- | M] () -- C:\Program Files\ShopAtHome_Toolbar.exe
[2010/11/17 21:07:12 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/11/11 12:43:10 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\DVDVideoSoft Free Studio.lnk
[2010/11/10 19:00:24 | 035,758,536 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 13:56:12 | 000,027,984 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 22:06:30 | 101,038,733 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/30 11:19:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2010/11/29 14:04:41 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/29 13:56:18 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
[2010/11/29 13:50:43 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/29 13:50:42 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/27 21:11:01 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tammy\My Documents\~$oys Vs. Girls.doc
[2010/11/19 17:46:40 | 000,364,032 | ---- | C] () -- C:\Program Files\rkill.com
[2010/11/19 17:42:04 | 000,294,400 | ---- | C] () -- C:\Program Files\exeHelper.com
[2010/11/19 17:39:10 | 000,294,400 | ---- | C] () -- C:\Program Files\exeHelper.scr
[2010/11/19 17:09:50 | 000,575,488 | ---- | C] () -- C:\Program Files\OTL.com
[2010/11/19 17:09:18 | 000,575,488 | ---- | C] () -- C:\Program Files\OTL.scr
[2010/11/19 17:07:34 | 000,575,488 | ---- | C] () -- C:\Program Files\OTL.exe
[2010/11/19 13:37:46 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\Error Fix Scan.job
[2010/11/18 11:52:57 | 000,737,592 | ---- | C] () -- C:\Program Files\ShopAtHome_Toolbar.exe
[2008/07/14 23:35:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\dvd.bmk
[2008/02/18 16:40:26 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Tammy\GoToAssistDownloadHelper.exe
[2007/12/26 23:21:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/15 21:11:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2007/06/17 19:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/06/17 19:01:44 | 006,729,728 | ---- | C] () -- C:\Program Files\netlog20.exe
[2007/06/16 07:46:51 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/03 19:35:18 | 002,323,035 | ---- | C] () -- C:\Program Files\NetLogger-3.4.2.tar.gz
[2007/05/21 10:30:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\fusioncache.dat
[2007/05/19 20:26:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/19 20:14:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/18 07:57:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/18 07:50:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/18 07:28:07 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/18 07:28:07 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/18 07:28:07 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/18 07:28:07 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/05/18 07:28:07 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/05/18 07:28:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/05/18 07:28:06 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/05/18 07:26:58 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:51:16 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbma367f.sys
[2004/08/10 11:51:09 | 000,152,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipnat.sys
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/11/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\AVG10
[2010/11/18 14:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Bitrix Security
[2007/12/10 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Delfyn Software
[2010/11/11 12:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\DVDVideoSoftIEHelpers
[2008/05/06 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\EleFun Games
[2010/11/19 13:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Error Fix
[2010/05/03 14:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Facebook
[2007/12/21 10:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Flood Light Games
[2007/12/15 16:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\FloodLightGames
[2007/12/26 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\ForgottenRiddles
[2010/07/15 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Image Zone Express
[2007/06/16 07:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Leadertech
[2009/09/19 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\LimeWire
[2009/12/19 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\MSNInstaller
[2008/02/04 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PlayFirst
[2009/06/05 21:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PopCapv1002
[2009/06/05 21:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PopCapv1005
[2010/11/11 15:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PriceGong
[2008/09/20 18:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Printer Info Cache
[2007/12/26 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Simple Star
[2007/06/21 00:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Snapfish
[2010/11/19 13:37:48 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Error Fix Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/28 16:07:23 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/05/18 07:30:24 | 000,006,662 | RH-- | M] () -- C:\dell.sdr
[2008/02/16 12:26:44 | 003,002,730 | ---- | M] () -- C:\DSC00252.JPG
[2008/02/16 12:27:10 | 003,235,664 | ---- | M] () -- C:\DSC00253.JPG
[2008/02/16 12:27:38 | 003,231,599 | ---- | M] () -- C:\DSC00254.JPG
[2008/02/16 12:28:02 | 003,014,619 | ---- | M] () -- C:\DSC00255.JPG
[2008/02/16 12:28:24 | 003,159,057 | ---- | M] () -- C:\DSC00256.JPG
[2008/02/16 12:48:50 | 002,891,006 | ---- | M] () -- C:\DSC00257.JPG
[2008/02/16 12:49:52 | 003,104,014 | ---- | M] () -- C:\DSC00258.JPG
[2008/02/16 13:16:50 | 003,282,067 | ---- | M] () -- C:\DSC00259.JPG
[2008/02/16 13:17:08 | 002,827,244 | ---- | M] () -- C:\DSC00260.JPG
[2008/02/16 13:17:48 | 003,076,018 | ---- | M] () -- C:\DSC00261.JPG
[2008/02/16 13:41:02 | 003,109,318 | ---- | M] () -- C:\DSC00262.JPG
[2008/02/16 15:08:46 | 002,792,109 | ---- | M] () -- C:\DSC00263.JPG
[2008/02/16 15:09:26 | 002,920,433 | ---- | M] () -- C:\DSC00264.JPG
[2008/02/16 15:09:42 | 002,934,619 | ---- | M] () -- C:\DSC00265.JPG
[2008/02/20 21:17:54 | 001,748,127 | ---- | M] () -- C:\DSC00266.JPG
[2008/02/20 21:18:14 | 001,836,992 | ---- | M] () -- C:\DSC00267.JPG
[2008/02/20 21:18:38 | 002,403,456 | ---- | M] () -- C:\DSC00268.JPG
[2008/02/20 21:19:00 | 001,951,947 | ---- | M] () -- C:\DSC00269.JPG
[2008/02/20 21:19:10 | 002,251,888 | ---- | M] () -- C:\DSC00270.JPG
[2008/02/20 21:19:30 | 002,241,929 | ---- | M] () -- C:\DSC00271.JPG
[2008/02/20 21:20:44 | 002,223,847 | ---- | M] () -- C:\DSC00272.JPG
[2008/02/20 21:20:56 | 002,004,952 | ---- | M] () -- C:\DSC00273.JPG
[2008/02/20 21:21:54 | 002,421,630 | ---- | M] () -- C:\DSC00274.JPG
[2008/02/20 21:22:04 | 002,415,506 | ---- | M] () -- C:\DSC00275.JPG
[2008/02/20 21:24:58 | 001,632,183 | ---- | M] () -- C:\DSC00276.JPG
[2008/02/20 21:25:04 | 001,591,087 | ---- | M] () -- C:\DSC00277.JPG
[2008/02/20 21:25:10 | 001,614,954 | ---- | M] () -- C:\DSC00278.JPG
[2008/02/20 21:25:34 | 002,502,713 | ---- | M] () -- C:\DSC00279.JPG
[2008/02/20 21:25:46 | 002,390,319 | ---- | M] () -- C:\DSC00280.JPG
[2008/03/22 20:31:30 | 002,445,965 | ---- | M] () -- C:\DSC00281.JPG
[2008/03/22 20:31:36 | 001,686,732 | ---- | M] () -- C:\DSC00282.JPG
[2008/03/22 20:31:40 | 001,772,386 | ---- | M] () -- C:\DSC00283.JPG
[2008/03/22 20:31:50 | 001,603,036 | ---- | M] () -- C:\DSC00284.JPG
[2008/03/22 20:32:02 | 001,682,187 | ---- | M] () -- C:\DSC00285.JPG
[2010/03/03 15:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2008/01/10 07:11:26 | 000,000,179 | ---- | M] () -- C:\handle.dat
[2010/12/05 22:20:20 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2007/05/28 15:43:33 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/11/15 01:32:01 | 000,002,769 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/13 17:29:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/05 22:20:19 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2010/11/17 21:07:12 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007/11/14 12:42:51 | 000,102,468 | ---- | M] () -- C:\playground.log
[2007/10/12 18:56:10 | 000,188,347 | ---- | M] () -- C:\rapport.txt
[2010/11/29 14:09:52 | 000,000,589 | ---- | M] () -- C:\rkill.log
[2009/05/08 21:47:09 | 000,211,968 | ---- | M] () -- C:\ronnie and tammy.doc
[2007/05/18 07:53:46 | 000,000,070 | ---- | M] () -- C:\SystemInfo.ini
[2010/09/29 19:57:19 | 000,073,216 | -HS- | M] () -- C:\Thumbs.db
[2009/12/19 09:35:43 | 000,000,162 | ---- | M] () -- C:\YServer.txt


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

Attached Files


  • 0
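The parts of the log above that a helper reads first follow a regular line format: the O35/O37 exefile and comfile "open" handlers, the SRV/DRV entries (a "File not found" image, an empty company field, a zero-byte driver) and the MD5 blocks that hash the live explorer.exe, userinit.exe and winlogon.exe next to the backup copies in ServicePackFiles, $NtServicePackUninstall$ and i386. The script below is an added example, not part of this thread and not code from OldTimer's OTL; it parses those line formats and flags what an analyst would flag by eye. The flagging rules are my own heuristics. The first sample is made of lines copied from the logs posted in this thread; the second, with a proxied exefile handler and a userinit.exe whose hash matches no backup, is constructed and does not come from this machine.

```python
"""Triage helper for the OTL / OTLPE log format shown in this thread.

Added example: not part of the original posts and not code from OldTimer's
OTL tool. It parses the line formats visible in the logs and applies a few
heuristics of my own, the checks a helper applies by eye:
  * SRV/DRV entries whose image is reported as "File not found"
  * kernel drivers (.sys) with an empty company field or a zero-byte image
  * O35/O37 exefile/comfile "open" handlers that differ from the default "%1" %*
  * MD5 blocks where the live copy (under C:\\WINDOWS or System32) matches
    none of the backup copies OTL hashed next to it
"""
import re

ENTRY_RE = re.compile(
    r'^(?P<kind>DRV|SRV) - \[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*'
    r'\((?P<company>[^)]*)\)\s*\[(?P<start>[^\]]*)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)')
MISSING_RE = re.compile(
    r'^(?P<kind>DRV|SRV) - File not found \[(?P<start>[^\]]*)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)')
SHELL_RE = re.compile(r'^O3[57] - HKLM\\\.{2,3}(?P<cls>\w+) \[(?:open|@ = \w+)\] -- (?P<cmd>.+)$')
MD5_HDR_RE = re.compile(r'^< MD5 for: (?P<image>\S+) >')
MD5_RE = re.compile(r'MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$')

DEFAULT_OPEN = '"%1" %*'   # the stock exefile/comfile open command on XP
BACKUP_MARKERS = ('servicepackfiles', '$ntservicepackuninstall$', '$ntuninstall',
                  '$hf_mig$', '\\i386\\')


def _is_backup(path):
    """True for the backup/install-cache copies OTL hashes next to the live file."""
    low = path.lower()
    return any(marker in low for marker in BACKUP_MARKERS)


def triage(lines):
    """Return (severity, message) findings for an iterable of OTL log lines."""
    findings = []
    md5_blocks = {}          # image name -> [(md5, path), ...]
    current = None           # image name of the MD5 block being read
    for raw in lines:
        line = raw.strip()
        hdr = MD5_HDR_RE.match(line)
        if hdr:
            current = hdr.group('image').lower()
            md5_blocks.setdefault(current, [])
            continue
        m = MD5_RE.search(line) if current else None
        if m:
            md5_blocks[current].append((m.group('md5').upper(), m.group('path')))
            continue
        current = None       # any other line ends the MD5 block
        m = MISSING_RE.match(line)
        if m:
            findings.append(('info', f"{m.group('kind')} {m.group('name')}: image missing "
                                     f"({m.group('path') or 'no path recorded'})"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            size = int(m.group('size').replace(',', ''))
            company = m.group('company').strip()
            path = m.group('path')
            if path.lower().endswith('.sys') and (size == 0 or not company):
                why = 'zero-byte image' if size == 0 else 'no company name'
                findings.append(('high', f"{m.group('kind')} {m.group('name')}: {why} -> {path}"))
            continue
        m = SHELL_RE.match(line)
        if m and m.group('cmd').strip() != DEFAULT_OPEN:
            findings.append(('high', f"{m.group('cls')} open handler hijacked: {m.group('cmd')}"))
    # A live copy whose hash matches none of the backups is worth a close look.
    for image, entries in md5_blocks.items():
        backups = {h for h, p in entries if _is_backup(p)}
        for h, p in entries:
            if backups and not _is_backup(p) and h not in backups:
                findings.append(('high', f"{image}: live copy {p} (MD5 {h}) matches no backup copy"))
    return findings


# Sample lines copied from the OTL / OTLPE logs posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - [2010/12/07 18:27:39 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbma367f.sys -- (vbma367f)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""

# Constructed counter-example (not from this machine, path is hypothetical):
# a proxied exefile handler and a live userinit.exe matching no backup copy.
TAMPERED_LOG = r"""
O35 - HKLM\..exefile [open] -- "C:\WINDOWS\Temp\proxy.exe" "%1" %*
< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2010/12/01 00:00:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == '__main__':
    for label, log in (('thread sample', SAMPLE_LOG), ('constructed sample', TAMPERED_LOG)):
        print(f'== {label} ==')
        for severity, message in triage(log.splitlines()):
            print(f'[{severity}] {message}')
```

On the thread sample this reports the two missing images as informational and raises vbma367f.sys (zero bytes) and ipnat.sys (no company name) as high; the handlers and the userinit.exe hashes pass. Two caveats: an empty company field is not proof of infection by itself, since many third-party drivers ship without version information, but a Microsoft driver such as ipnat.sys normally carries Microsoft version information, so an empty field there deserves a second look; and the MD5 check only says the live copy differs from every backup OTL found, not which copy is the good one.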

#4
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I like 6 best as well :D. For the next stage after this I will need you to uninstall AVG and either Trend Micro or Norton, as I will need to run ComboFix if the TDSSKiller shows what I think it will. AVG does not like ComboFix at all.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered and, when it is done, reboot to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

ONCE BACK IN NORMAL MODE

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5
livi4461 (Topic Starter, Member, 13 posts)
OK... The OTL doesn't seem to have run a second time, so I'll have to reboot using the CD and get it to run, because it still isn't being allowed to run from the Desktop. I did get TDSSKiller to run and have attached those files below.

Thanks!!!

Attached Files


  • 0

#6
livi4461 (Topic Starter, Member, 13 posts)
Here's the OTL file.

OTL logfile created on: 12/7/2010 7:02:05 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 727.00 Mb Available Physical Memory | 76.00% Memory free
858.00 Mb Paging File | 767.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 153.62 Gb Free Space | 66.86% Space Free | Partition Type: NTFS
Drive D: | 298.01 Gb Total Space | 293.08 Gb Free Space | 98.35% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) [Auto] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/12/06 21:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand] -- C:\Documents and Settings\Tammy\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/02/18 16:40:38 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/11 03:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/11/06 17:04:48 | 000,810,632 | ---- | M] (ExtendMedia Inc.) [Auto] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/07 18:27:39 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbma367f.sys -- (vbma367f)
DRV - [2010/11/29 09:09:16 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/29 09:09:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/29 09:09:16 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/11/29 09:09:16 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/02/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/18 07:46:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/25 20:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/23 11:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/15 02:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 05:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 06:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/08/05 06:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/07/16 13:10:00 | 000,156,020 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xnd5.SYS -- (EL90X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070518
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\Tammy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Tammy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tammy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/04 20:26:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\


O1 HOSTS File: ([2010/12/07 00:04:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Tammy_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Cobian Backup 8] C:\Program Files\Cobian Backup 8\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\Tammy_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Tammy_ON_C..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\Printkey2000\printkey2000.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Tammy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/...nx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/...rs.1.0.0.39.cab (CPlayFirstPiratePoppersControl Object)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/...ia.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 13:45:34 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - D:\autorun.in_2.org -- [ FAT32 ]
O32 - AutoRun File - [2010/03/18 20:43:14 | 000,000,105 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 18:53:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/12/07 18:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\tdsskiller
[2010/12/07 00:09:12 | 000,553,984 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/12/07 00:04:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/05 22:32:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/12/05 22:32:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2010/12/04 22:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/12/04 22:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/30 11:18:51 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/11/30 11:18:49 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/30 11:18:12 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/11/30 11:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/11/30 10:06:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/11/29 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 14:01:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 14:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/29 10:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2010/11/29 10:18:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/11/29 10:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/19 17:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
[2010/11/19 17:14:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/11/19 10:10:38 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/11/19 10:10:04 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/11/19 10:10:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/11/19 10:10:03 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/11/18 15:37:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/18 14:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Bitrix Security
[2010/11/18 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/18 11:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\AVG10
[2010/11/18 10:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/18 10:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/18 09:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/18 09:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 12:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Local Settings\Application Data\Conduit
[2010/11/11 12:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Local Settings\Application Data\DVDVideoSoftTB
[2010/11/11 12:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\DVDVideoSoftIEHelpers
[2010/03/23 09:47:22 | 002,114,184 | ---- | C] (Facebook, Inc.) -- C:\Program Files\Install_Facebook_Plug-In_1.0.3[1]
[2007/08/03 12:14:18 | 050,005,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/07/23 19:37:04 | 006,466,517 | ---- | C] (MRX Software ) -- C:\Program Files\cwcom_inst.exe
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 18:54:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 18:41:55 | 001,230,433 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\tdsskiller.zip
[2010/12/07 18:38:37 | 000,001,523 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Windows Explorer.lnk
[2010/12/07 18:27:58 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/07 18:27:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\vbma367f.sys
[2010/12/07 18:24:06 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 18:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/07 18:04:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/06 22:12:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/06 22:05:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 11:23:37 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/30 11:19:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2010/11/30 11:01:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 13:56:24 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
[2010/11/29 10:29:12 | 000,454,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 10:29:12 | 000,075,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 09:09:16 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/11/29 09:09:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/11/29 09:09:16 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/11/29 09:09:16 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/11/28 20:07:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/27 21:11:01 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tammy\My Documents\~$oys Vs. Girls.doc
[2010/11/27 21:09:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Microsoft Word.lnk
[2010/11/19 17:48:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/11/19 17:46:51 | 000,364,032 | ---- | M] () -- C:\Program Files\rkill.com
[2010/11/19 17:42:08 | 000,294,400 | ---- | M] () -- C:\Program Files\exeHelper.com
[2010/11/19 17:39:14 | 000,294,400 | ---- | M] () -- C:\Program Files\exeHelper.scr
[2010/11/19 17:10:19 | 000,575,488 | ---- | M] () -- C:\Program Files\OTL.com
[2010/11/19 17:09:25 | 000,575,488 | ---- | M] () -- C:\Program Files\OTL.scr
[2010/11/19 17:07:42 | 000,575,488 | ---- | M] () -- C:\Program Files\OTL.exe
[2010/11/18 15:45:36 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/17 21:07:12 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/11/11 12:43:10 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\DVDVideoSoft Free Studio.lnk
[2010/11/10 19:00:24 | 035,758,536 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 13:56:12 | 000,027,984 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 18:21:01 | 001,230,433 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\tdsskiller.zip
[2010/12/07 17:31:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbma367f.sys
[2010/11/30 11:19:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2010/11/29 14:04:41 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/29 13:56:18 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
[2010/11/27 21:11:01 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tammy\My Documents\~$oys Vs. Girls.doc
[2010/11/19 17:46:40 | 000,364,032 | ---- | C] () -- C:\Program Files\rkill.com
[2010/11/19 17:42:04 | 000,294,400 | ---- | C] () -- C:\Program Files\exeHelper.com
[2010/11/19 17:39:10 | 000,294,400 | ---- | C] () -- C:\Program Files\exeHelper.scr
[2010/11/19 17:09:50 | 000,575,488 | ---- | C] () -- C:\Program Files\OTL.com
[2010/11/19 17:09:18 | 000,575,488 | ---- | C] () -- C:\Program Files\OTL.scr
[2010/11/19 17:07:34 | 000,575,488 | ---- | C] () -- C:\Program Files\OTL.exe
[2008/07/14 23:35:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\dvd.bmk
[2008/02/18 16:40:26 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Tammy\GoToAssistDownloadHelper.exe
[2007/12/26 23:21:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/15 21:11:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2007/06/17 19:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/06/16 07:46:51 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/03 19:35:18 | 002,323,035 | ---- | C] () -- C:\Program Files\NetLogger-3.4.2.tar.gz
[2007/05/21 10:30:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\fusioncache.dat
[2007/05/19 20:26:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/19 20:14:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/18 07:57:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/18 07:50:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/18 07:28:07 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/18 07:28:07 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/18 07:28:07 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/18 07:28:07 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/05/18 07:28:07 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/05/18 07:28:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/05/18 07:28:06 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/05/18 07:26:58 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:51:09 | 000,152,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipnat.sys
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/11/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\AVG10
[2010/11/18 14:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Bitrix Security
[2007/12/10 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Delfyn Software
[2010/11/11 12:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\DVDVideoSoftIEHelpers
[2008/05/06 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\EleFun Games
[2010/05/03 14:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Facebook
[2007/12/21 10:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Flood Light Games
[2007/12/15 16:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\FloodLightGames
[2007/12/26 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\ForgottenRiddles
[2010/07/15 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Image Zone Express
[2007/06/16 07:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Leadertech
[2009/09/19 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\LimeWire
[2009/12/19 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\MSNInstaller
[2008/02/04 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PlayFirst
[2008/09/20 18:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Printer Info Cache
[2007/12/26 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Simple Star
[2007/06/21 00:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Snapfish

========== Purity Check ==========


< End of report >


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My fault, I missed the main driver. However, the MBR infection is clear.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#8
livi4461

    Member

  • Topic Starter
  • Member
  • 13 posts
ok... That was VERY educational!!!

Here are the logs!

Thanks for all your help so far!!!

ComboFix 10-12-04.06 - Tammy 12/10/2010 14:33:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.272 [GMT -5:00]
Running from: c:\documents and settings\Tammy\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\Tammy\Application Data\Bitrix Security
c:\documents and settings\Tammy\Application Data\Bitrix Security\cet.txt
c:\documents and settings\Tammy\Application Data\Bitrix Security\fkznq
c:\documents and settings\Tammy\Application Data\Bitrix Security\lmt.txt
c:\documents and settings\Tammy\Application Data\Bitrix Security\mor.txt
c:\documents and settings\Tammy\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Tammy\Application Data\Bitrix Security\pbczjhp56_shrd
c:\documents and settings\Tammy\Application Data\Bitrix Security\vnt.txt
c:\documents and settings\Tammy\GoToAssistDownloadHelper.exe
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\Shared
c:\program files\Shared\lib.sig
C:\Thumbs.db
c:\windows\assembly\GAC\__AssemblyInfo__.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\search_res.txt
c:\windows\system32\drivers\vbma367f.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
I:\autorun.inf

Infected copy of c:\windows\system32\DRIVERS\ipnat.sys was found and disinfected
Restored copy from - The cat found it :D
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vbma367f


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-07 05:09 . 2010-10-23 17:55 553984 ----a-r- C:\OTLPE.exe
2010-12-07 05:04 . 2010-12-07 05:04 -------- d-----w- C:\_OTL
2010-12-05 03:22 . 2010-12-05 03:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-30 16:18 . 2010-11-09 18:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-11-30 16:18 . 2010-11-09 18:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-30 16:18 . 2010-11-30 16:18 -------- d-----w- C:\VIPRERESCUE
2010-11-30 16:01 . 2010-11-30 16:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-11-29 19:01 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 19:01 . 2010-11-30 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 19:01 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 15:24 . 2010-11-29 15:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2010-11-29 15:01 . 2010-12-07 04:08 -------- d-----w- c:\program files\Trend Micro
2010-11-19 22:46 . 2010-11-19 22:46 364032 ----a-w- c:\program files\rkill.com
2010-11-19 22:42 . 2010-11-19 22:42 294400 ----a-w- c:\program files\exeHelper.com
2010-11-19 22:39 . 2010-11-19 22:39 294400 ----a-w- c:\program files\exeHelper.scr
2010-11-19 22:14 . 2010-11-19 22:14 -------- d-----w- c:\documents and settings\Tammy\Application Data\Malwarebytes
2010-11-19 22:14 . 2010-11-19 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-19 22:14 . 2010-11-19 22:48 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-11-19 22:09 . 2010-11-19 22:10 575488 ----a-w- c:\program files\OTL.com
2010-11-19 22:09 . 2010-11-19 22:09 575488 ----a-w- c:\program files\OTL.scr
2010-11-19 22:07 . 2010-11-19 22:07 575488 ----a-w- c:\program files\OTL.exe
2010-11-19 15:10 . 2010-11-29 14:09 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-11-19 15:10 . 2010-11-29 14:09 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-11-19 15:10 . 2010-11-29 14:09 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-11-19 15:10 . 2010-11-29 14:09 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-19 00:09 . 2010-11-19 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-11-18 23:33 . 2010-11-18 23:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-18 20:37 . 2010-11-18 20:39 -------- dc-h--w- c:\windows\ie8
2010-11-18 18:45 . 2010-11-18 18:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-18 16:39 . 2010-11-18 16:39 -------- d-----w- c:\documents and settings\Tammy\Application Data\AVG10
2010-11-18 16:27 . 2010-11-18 16:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-18 16:25 . 2010-12-07 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-11 17:43 . 2010-11-12 02:49 -------- d-----w- c:\documents and settings\Tammy\Local Settings\Application Data\Conduit
2010-11-11 17:43 . 2010-11-12 02:58 -------- d-----w- c:\documents and settings\Tammy\Local Settings\Application Data\DVDVideoSoftTB
2010-11-11 17:43 . 2010-11-11 17:43 -------- d-----w- c:\documents and settings\Tammy\Application Data\DVDVideoSoftIEHelpers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-11 16:13 . 2009-05-07 03:00 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-09-29 14:20 . 2009-09-07 15:03 249856 ------w- c:\windows\Setup1.exe
2010-09-29 14:20 . 2009-09-07 15:03 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-18 16:23 . 2004-08-10 16:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 16:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 16:51 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 16:51 953856 ------w- c:\windows\system32\mfc40u.dll
2010-03-23 14:50 . 2010-03-23 14:47 2114184 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3[1]
2007-08-03 17:14 . 2007-08-03 17:14 50005304 ------w- c:\program files\iTunesSetup.exe
2007-07-24 00:37 . 2007-07-24 00:37 6466517 ------w- c:\program files\cwcom_inst.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"Cobian Backup 8"="c:\program files\Cobian Backup 8\Cobian.exe" [2007-09-27 501248]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-11-29 112632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-30 5419008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Printkey2000.lnk - c:\program files\Printkey2000\printkey2000.exe [2009-1-8 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-18 21:40 10536 ------w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\C.o.d-4\\iw3mp.exe"=
"c:\\Documents and Settings\\Tammy\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/30/2010 11:18 AM 98392]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/7/2010 3:50 PM 176408]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 5:04 PM 810632]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/19/2010 10:10 AM 64080]
S2 Amsp;Trend Micro Solution Platform;"c:\program files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 --> c:\program files\Trend Micro\AMSP\coreServiceShell.exe [?]
S2 gupdate1c9e647cb4d758c;Google Update Service (gupdate1c9e647cb4d758c);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2009 8:40 PM 133104]
S3 uvnc_service;uvnc_service;c:\documents and settings\Tammy\Local Settings\Application Data\CrossLoop\winvnc.exe [3/5/2010 5:54 PM 1590216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 01:40]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Tammy\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
LSP: mswsock.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 14:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250820AS rev.3.ADG -> Harddisk0\DR0 -> \Device\00000064

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF762C119]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0xf762f858]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86140AB8]
3 CLASSPNP[0xF74A7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x860070F0]
\Driver\Disk[0x86174F38] -> IRP_MJ_CREATE -> 0xF762C119
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\windows\system32\jscript.dll

- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\stsystra.exe
c:\program files\Cobian Backup 8\cbInterface.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2010-12-10 15:01:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 20:01

Pre-Run: 168,651,100,160 bytes free
Post-Run: 168,651,784,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

- - End Of File - - D6AC1434BF5F29E261F4727D99E7CF8D

Attached Files


  • 0
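The ComboFix log above contains several items a defender would want pulled out automatically rather than read by eye: the "Infected copy of ... was found and disinfected" line for ipnat.sys, the Security Center "Override" and "DisableMonitoring" values (which silence Windows XP's Security Center warnings about missing antivirus or firewall protection, and which malware commonly sets), and the >>UNKNOWN [addr]<< entry in Gmer's disk trace (a call into code that Gmer could not attribute to any loaded module). The Python triage script below is an added example written for this page, not a tool from the thread, from ComboFix or from Gmer; it parses a constructed sample log that copies the format of the log above (the registry key and value names are the real Security Center ones, everything else is made up) and returns the findings by category.

```python
"""Triage helper for ComboFix-style logs (added example; sample log is constructed)."""
import re
from typing import Dict, List

# Constructed sample in the layout of a ComboFix log: a deletions section,
# a REGEDIT4-style "Reg Loading Points" dump and a Gmer disk trace.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\vbma367f.sys
Infected copy of c:\windows\system32\DRIVERS\ipnat.sys was found and disinfected

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

**************************************************************************

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF762C119]<<
\Driver\Disk[0x86174F38] -> IRP_MJ_CREATE -> 0xF762C119
user & kernel MBR OK
"""

# Real Windows XP Security Center key (compared case-insensitively).
SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Collect [key] headers and "name"=value lines into {key: {name: value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).lower()
            keys.setdefault(current, {})
            continue
        value = re.match(r'^"([^"]+)"=(.*)$', line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2)
    return keys


def flag_security_center(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Report *Override and DisableMonitoring values set to 1 under Security Center."""
    findings = []
    for key, values in keys.items():
        if not key.startswith(SECURITY_CENTER_KEY):
            continue
        for name, value in values.items():
            suspicious_name = name.endswith("Override") or name == "DisableMonitoring"
            if suspicious_name and value.lower() == "dword:00000001":
                findings.append(f"{name}=1 under [{key}]")
    return findings


def flag_disinfected_files(text: str) -> List[str]:
    """Paths ComboFix reports as infected system files it replaced."""
    return re.findall(r"^Infected copy of (.+?) was found and disinfected", text, re.M)


def flag_unknown_hooks(text: str) -> List[str]:
    """Addresses Gmer could not attribute to a loaded module in the disk trace."""
    return re.findall(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", text)


def triage(text: str) -> Dict[str, List[str]]:
    """Run all checks over one log and return the findings by category."""
    keys = parse_registry_dump(text)
    return {
        "security_center": flag_security_center(keys),
        "disinfected": flag_disinfected_files(text),
        "unknown_hooks": flag_unknown_hooks(text),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("  -", item)
```

The registry parser is deliberately tolerant of the boot.ini fragment ComboFix appends at the end ("[boot loader]", "[operating systems]"): those headers parse as keys too but never match the Security Center prefix, so they produce no findings.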

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's have a sweep for orphans now - what are your current problems?

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#10
livi4461

livi4461

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks for the quick turnaround!

Before running the MBAM, I checked to see if I was still getting the browser redirects. I was... attempting to go to GEEKSTOGO.COM immediately sent me to weirdoland. Then I ran MBAM (report attached) and checked again. It looks like it cleared 3 nasties from my machine. I am not getting the redirects now.

Let me know if I'm clear or if you think there are any lingering nasties.

Attached Files


  • 0


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was an adware 180 that did not show on the other scans

Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 23.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u23-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0

#12
livi4461

livi4461

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Good Evening... perhaps.
Just a note that I have not completed the last round of steps. I started them but got to the ComboFix /Uninstall and it would not uninstall. I also noted that there is no cleanup button on the version of OTL that I have been using from CD (OTLPE), not sure if that makes a difference.

In the interim, I've left the machine running and have the following additional information:
1) I found that I am still getting re-directs :D
2) I ran a FULL SCAN using MBAM and it found lots of 'infections' which I cleaned, not sure if this was expected or not.

So... I'm not sure how you'd like me to proceed but I would love to figure out what nasty has embedded itself so deeply that it's still giving my machine grief.

I also want to say that I REALLY APPRECIATE all your help so far. I couldn't have gotten this far w/o help!!!

Thanks!!!
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you use a router? As this may indicate an infected router

Could you download a fresh copy of combofix to your desktop and then run it please and I will see what has lodged itself uninvited to your system
  • 0

#14
livi4461

livi4461

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ok... I'm attaching the latest run of Combofix. It encountered several 'errors' before running and I captured screen shots of these just in case they're important. Otherwise, the text file may provide all the information you need.

Lastly, I DO run off a router. We have a cable modem, a router, and a router switchbox. Again, I don't know if this is important so I'm listing it all just in case.

Thanks!

Attached Thumbnails

  • ROUTE.cfxxe.jpg
  • ROUTE.exe.jpg
  • rootkit_activity.gif

Attached Files


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at what combofix found this time around I suspect an infected router

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

THEN

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\drivers\ucqmqa.sys


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTL log.

  • 0





