Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Bytes Scan Locked Me Out - Google Redirect


  • This topic is locked This topic is locked

#31
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I can't recall...it is not something that was paid that much attention to.

I assume without a D Drive then a parallel install would go to the C drive and overwrite everything (like the files) on the computer. Is there any way to get the files off the computer utilizing some external device?
  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes use Reatog desktop to copy all your Shared Documents and anything else you can find on the C drive, just copy them to the USB drive
  • 0

#33
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ok...so we have a couple of ideas in the air at the moment.

To clarify:

Without the partitioned drive then a parallel install will not work? Or will not work in the sense that all files resident on the machine will be overwritten?

Using Reatog...the approach we used using that program initially was not able to see the hard drive. With that, is there some other avenue/method/approach that you take with the program to copy files from the C drive given that the one we used previous did not see any files on the C drive?

If so, how does one go about it?
  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Without the partitioned drive then a parallel install will not work? Or will not work in the sense that all files resident on the machine will be overwritten?

A parallel install will create a new windows folder and a new set of users - Here is an explanation of the process as written by one of our Techs

Parallel Installation of Windows XP

Boot to the Windows XP installation cd by pressing a key when the "Press any key to boot from cd" prompt appears at the top of the screen.
  • At the "Welcome to Setup" screen, press Enter to set up Windows XP.
  • Accept the License Agreement by pressing F8
  • With your current installation selected in the box, press Esc
  • Select C: Partition1 [NTFS] in the box and press Enter
  • To continue setup using this partition, press C
  • Now you should see formatting options...choose the last one, Leave the current file system intact (no changes), and press Enter
  • To use a different folder, press Esc
  • Name the folder WINDOWS0 (just type a 0 (zero)) and press Enter
The Windows installation should begin. This will install Windows to a new folder, leaving your data intact. Any programs installed on the old directory will have to be reinstalled to the new one. Device drivers will also have to be installed for all the hardware to work as it should.

The data will be located in the Documents and Settings folder (C:\Documents and Settings) under your old user account name...so when you set up the new installation, give yourself a slightly different user account name.
  • 0

#35
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ok...I want to clarify from the standpoint of losing data.

Given this parallel installation of Windows XP you just outlined, are the any circumstances where the files currently residing on the machine will be erased? I ask because I'm not sure what the significance was of your asking if the disk was partitioned.

Also, as far as executing the action, do I put the installation cd in and then boot the machine? Or is there some other sequence of action(s)?
  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The reason behind the partitions was that if you had two partitions we could put it on the unused one and leave the original intact

All of your personal documents and folders will be retained - but any programmes will need re-installing

The procedure is as for doing a full fresh install, rather than a repair. You will end up with two folders for windows, the bad one and the new one. The new one will be used for the boot sequence
  • 0

#37
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Sorry but I got a little frustrated at all this and enough so, that I turned on the machine, got into Safe Mode, created a Restore Point and from this, was able to log in as usual.

Once there, I ran old timer tfc, updated Vipre definitions and ran MBAM. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6516

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2011 7:27:19 PM
mbam-log-2011-05-05 (19-27-19).txt

Scan type: Quick scan
Objects scanned: 229981
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Manager (Trojan.Agent) -> Value: Manager -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


While that was running, Vipre popped with a trojan warning - Trojan.Win32.Kryptik.laq(v). I have it quarantined at the moment but did not run a virus scan yet.

I then deleted the infection per MBAM and reran a scan and it showed all clean.

Out of curiosity, I then checked Firefox and the browser is still being hijacked.

I have not run a virus scan rather I thought I would wait on how to proceed from here.

FYI...I'm communicating to you on the infected machine at the moment.

Joy!!??

Edited by rsean, 05 May 2011 - 05:56 PM.

  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I thought we had tried safe mode with no joy ?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#39
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Yes we did try it but that was before we changed the keyboard and then we got distracted and didn't try it again after we changed the keyboard.

Quarantined a new trojan via Vipre: Exploit.PDF-JS Gen (v)

Here is the MBR Log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 22:05:08
-----------------------------
22:05:08.375 OS Version: Windows 5.1.2600 Service Pack 3
22:05:08.375 Number of processors: 2 586 0xF06
22:05:08.375 ComputerName: TAMMYST UserName: Tammy
22:05:09.203 Initialize success
22:05:31.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
22:05:31.718 Disk 0 Vendor: SAMSUNG_ ZM10 Size: 152627MB BusType: 3
22:05:31.718 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-51#4&10e6a118&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
22:05:31.718 Device \Driver\iaStor -> DriverStartIo 89841af1
22:05:31.734 Disk 0 MBR read successfully
22:05:31.734 Disk 0 MBR scan
22:05:31.734 Disk 0 unknown MBR code
22:05:31.734 Disk 0 scanning sectors +312560640
22:05:31.765 Disk 0 scanning C:\WINDOWS\system32\drivers
22:05:40.843 File C:\WINDOWS\system32\drivers\kbdhid.sys TDL3 **ROOTKIT**
22:05:40.843 Disk 0 trace - called modules:
22:05:40.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89841ecc]<<
22:05:40.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab6ab8]
22:05:40.875 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89cf9030]
22:05:41.375 [0x89e16b90] -> IRP_MJ_CREATE -> 0x89841ecc
22:05:41.375 Scan finished successfully
22:06:38.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tammy\Desktop\MBR.dat"
22:06:38.171 The log file has been saved successfully to "C:\Documents and Settings\Tammy\Desktop\aswMBR.txt"

Here is the OTL log:


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/27 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/27 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/27 22:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/27 22:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/24 20:08:31 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/24 20:08:31 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/24 20:08:31 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/24 20:08:31 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/24 20:08:31 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/24 20:08:31 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >
  • 0

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can now see the problem

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Please run a fresh OTL scan
  • 0

Advertisements


#41
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ran the root scan and it found one and have rebooted.

Wanted to know if I do the cut and paste into the OTL or just scan as is?
  • 0

#42
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here is the OTL scan without the cut and paste:

OTL logfile created on: 5/7/2011 11:03:18 AM - Run 9
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tammy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.03 Gb Total Space | 53.50 Gb Free Space | 37.94% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 6.07 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive E: | 576.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TAMMYST | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 11:03:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\My Documents\Downloads\OTL(2).exe
PRC - [2011/03/24 20:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/12/06 21:53:05 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/28 19:34:20 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 19:34:14 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/05/26 10:38:57 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/24 04:11:36 | 000,254,600 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Tammy\Application Data\Smilebox\SmileboxTray.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/02/02 10:43:16 | 000,538,136 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/07/10 14:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/03/30 18:03:34 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Tammy\MLFI Documents\BBLauncher.exe
PRC - [2006/01/12 20:52:32 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 11:03:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\My Documents\Downloads\OTL(2).exe
MOD - [2011/03/09 15:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/12/06 21:53:18 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2006/10/31 10:35:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/31 10:35:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/09/28 19:34:20 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/02/02 10:43:16 | 000,538,136 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/28 19:34:46 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/17 21:19:48 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/08/24 07:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/10 11:00:16 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/07 17:19:32 | 000,067,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/11/14 14:59:00 | 000,007,424 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 05 6C 07 CB B9 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/06 21:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/05 19:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 20:08:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 22:27:20 | 000,000,000 | ---D | M]

[2010/03/30 20:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tammy\Application Data\Mozilla\Extensions
[2010/06/30 08:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\0arnvvk6.default\extensions
[2011/05/06 22:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/25 20:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/20 14:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/06 21:53:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/10 19:32:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 19:14:38 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/01/26 09:04:37 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/03/24 18:05:11 | 000,000,570 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Tammy\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Documents and Settings\Tammy\MLFI Documents\BBLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193934077765 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 21:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[6 C:\Documents and Settings\Tammy\My Documents\*.tmp files -> C:\Documents and Settings\Tammy\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Tammy\Desktop\*.tmp files -> C:\Documents and Settings\Tammy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 11:03:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2739420824-2844446213-3856466181-1008.job
[2011/05/07 11:03:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2739420824-2844446213-3856466181-1008.job
[2011/05/07 10:26:07 | 000,383,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/07 10:26:07 | 000,053,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/07 10:22:58 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/07 10:22:28 | 000,069,166 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/05/07 10:22:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 10:22:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 10:22:07 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/05/07 10:21:52 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\bhnhvbgoex.job
[2011/05/07 10:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 10:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 05:22:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/05/07 04:39:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 22:27:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/06 22:06:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\MBR.dat
[2011/05/06 19:47:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4DF943D9-ADC0-4128-B749-446B5BB6CBD6}.job
[2011/05/06 03:21:21 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/06 03:03:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/06 03:01:22 | 002,001,464 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[6 C:\Documents and Settings\Tammy\My Documents\*.tmp files -> C:\Documents and Settings\Tammy\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Tammy\Desktop\*.tmp files -> C:\Documents and Settings\Tammy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 22:06:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\MBR.dat
[2011/05/05 19:28:13 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/05/05 19:28:13 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/03/31 21:09:58 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\netstat.bat
[2010/03/18 07:31:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/14 20:19:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/03/14 20:19:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/03/12 20:05:23 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/01 22:27:32 | 000,000,974 | -HS- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\Aqq207BjoSDkBCCNB83E4IB00deokoB8
[2010/03/01 22:22:33 | 000,014,094 | -HS- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\c2Ry8i
[2010/03/01 22:20:04 | 000,014,288 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c2Ry8i
[2009/12/05 13:46:04 | 000,066,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/04 20:45:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/08 15:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/07/21 14:32:45 | 000,000,112 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/20 18:45:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/06/09 18:09:12 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 17:45:59 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\BBUninstall.exe
[2008/05/26 20:31:41 | 000,010,262 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\FASTWiz.html
[2008/04/23 09:07:03 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2007/10/30 21:16:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/10/12 01:11:58 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/12 10:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/16 09:53:24 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/14 12:00:55 | 000,000,174 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/05/09 15:38:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/09 15:19:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/16 06:23:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/16 06:00:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/16 06:00:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/16 06:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/16 06:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/16 06:00:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/16 06:00:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/16 05:59:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/04/16 05:59:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/11/28 13:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/31 10:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 10:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 10:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 10:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 10:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 10:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 10:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 10:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 10:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 10:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/19 02:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/19 02:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/04/25 14:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 13:43:54 | 000,383,584 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 13:43:54 | 000,053,812 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 13:39:48 | 000,309,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 13:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 13:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/27 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/10/18 08:49:40 | 000,006,964 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2009/08/23 14:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/02/07 14:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009/09/20 11:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/10/03 16:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/08/02 12:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2008/07/30 19:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/07 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/19 21:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiberianStrikeX
[2009/09/20 11:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/09 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2010/10/03 16:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/04/23 09:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{008E9AD5-48B1-4141-ADBB-C81A7744608B}
[2010/05/21 22:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/27 21:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/23 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\acccore
[2010/02/28 19:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Aim
[2010/04/21 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Chessmaster Challenge
[2010/10/03 16:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\GameHouse
[2008/07/02 14:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\InterVideo
[2009/02/08 11:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\iWin
[2008/05/28 11:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\SampleView
[2009/05/09 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Smilebox
[2009/05/09 08:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Snapfish
[2008/07/30 08:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Stamps.com Internet Postage
[2009/10/23 07:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Viewpoint
[2008/06/09 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\W Photo Studio
[2008/06/09 18:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\W Photo Studio Viewer
[2008/06/09 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Walgreens
[2010/02/27 20:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\WildTangent
[2011/05/07 10:21:52 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\bhnhvbgoex.job
[2011/05/06 19:47:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4DF943D9-ADC0-4128-B749-446B5BB6CBD6}.job

========== Purity Check ==========



< End of report >


The TDSKiller:

2011/05/07 10:01:25.0875 4016 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 10:01:26.0375 4016 ================================================================================
2011/05/07 10:01:26.0375 4016 SystemInfo:
2011/05/07 10:01:26.0375 4016
2011/05/07 10:01:26.0375 4016 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/07 10:01:26.0375 4016 Product type: Workstation
2011/05/07 10:01:26.0375 4016 ComputerName: TAMMYST
2011/05/07 10:01:26.0375 4016 UserName: Tammy
2011/05/07 10:01:26.0375 4016 Windows directory: C:\WINDOWS
2011/05/07 10:01:26.0375 4016 System windows directory: C:\WINDOWS
2011/05/07 10:01:26.0375 4016 Processor architecture: Intel x86
2011/05/07 10:01:26.0375 4016 Number of processors: 2
2011/05/07 10:01:26.0375 4016 Page size: 0x1000
2011/05/07 10:01:26.0375 4016 Boot type: Normal boot
2011/05/07 10:01:26.0375 4016 ================================================================================
2011/05/07 10:01:26.0593 4016 Initialize success
2011/05/07 10:19:26.0859 2472 ================================================================================
2011/05/07 10:19:26.0859 2472 Scan started
2011/05/07 10:19:26.0859 2472 Mode: Manual;
2011/05/07 10:19:26.0859 2472 ================================================================================
2011/05/07 10:19:27.0453 2472 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/05/07 10:19:27.0500 2472 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/07 10:19:27.0531 2472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/07 10:19:27.0562 2472 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/07 10:19:27.0593 2472 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2011/05/07 10:19:27.0656 2472 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/07 10:19:27.0703 2472 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/07 10:19:27.0750 2472 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/07 10:19:27.0781 2472 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/07 10:19:27.0906 2472 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/07 10:19:27.0937 2472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/07 10:19:27.0968 2472 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/07 10:19:28.0015 2472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/07 10:19:28.0078 2472 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/07 10:19:28.0093 2472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/07 10:19:28.0140 2472 Blfp (07a758bffb297819252aa72bab0e6611) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
2011/05/07 10:19:28.0328 2472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/07 10:19:28.0375 2472 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/07 10:19:28.0421 2472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/07 10:19:28.0453 2472 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/07 10:19:28.0500 2472 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/07 10:19:28.0593 2472 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/07 10:19:28.0671 2472 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/07 10:19:28.0718 2472 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/07 10:19:28.0734 2472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/07 10:19:28.0796 2472 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/07 10:19:28.0843 2472 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/05/07 10:19:28.0906 2472 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/05/07 10:19:28.0968 2472 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/05/07 10:19:29.0000 2472 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/07 10:19:29.0046 2472 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/07 10:19:29.0078 2472 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/07 10:19:29.0140 2472 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/07 10:19:29.0171 2472 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/07 10:19:29.0203 2472 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/07 10:19:29.0234 2472 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/07 10:19:29.0250 2472 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/07 10:19:29.0281 2472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/07 10:19:29.0312 2472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/07 10:19:29.0375 2472 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/07 10:19:29.0437 2472 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/07 10:19:29.0500 2472 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/07 10:19:29.0531 2472 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/07 10:19:29.0609 2472 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/07 10:19:29.0656 2472 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/07 10:19:29.0703 2472 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/07 10:19:29.0734 2472 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/07 10:19:29.0750 2472 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/07 10:19:29.0765 2472 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/07 10:19:29.0781 2472 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/07 10:19:29.0812 2472 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/07 10:19:29.0828 2472 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2011/05/07 10:19:29.0843 2472 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2011/05/07 10:19:29.0875 2472 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2011/05/07 10:19:29.0875 2472 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/07 10:19:29.0906 2472 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/07 10:19:29.0921 2472 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/07 10:19:29.0937 2472 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/07 10:19:29.0953 2472 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2011/05/07 10:19:29.0968 2472 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2011/05/07 10:19:30.0046 2472 iaStor (dc96f2e00ba2fdf2a92f9a2229cddcb2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/07 10:19:30.0093 2472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/07 10:19:30.0328 2472 IntcAzAudAddService (7385944d4f025bd8c498bfd97981e336) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/07 10:19:30.0437 2472 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/07 10:19:30.0468 2472 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/07 10:19:30.0500 2472 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/07 10:19:30.0546 2472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/07 10:19:30.0562 2472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/07 10:19:30.0609 2472 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/07 10:19:30.0671 2472 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/07 10:19:30.0703 2472 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/07 10:19:30.0765 2472 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/07 10:19:30.0781 2472 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/07 10:19:30.0796 2472 kbdhid (1572d4f75caf7668669cd2c738bcd62b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/07 10:19:30.0796 2472 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 1572d4f75caf7668669cd2c738bcd62b, Fake md5: 9ef487a186dea361aa06913a75b3fa99
2011/05/07 10:19:30.0812 2472 kbdhid - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/07 10:19:30.0859 2472 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/07 10:19:30.0890 2472 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/07 10:19:31.0093 2472 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/05/07 10:19:31.0140 2472 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys
2011/05/07 10:19:31.0171 2472 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/05/07 10:19:31.0203 2472 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
2011/05/07 10:19:31.0250 2472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/07 10:19:31.0281 2472 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/07 10:19:31.0343 2472 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/07 10:19:31.0359 2472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/07 10:19:31.0375 2472 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/07 10:19:31.0406 2472 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/07 10:19:31.0453 2472 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/07 10:19:31.0484 2472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/07 10:19:31.0515 2472 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/07 10:19:31.0531 2472 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/07 10:19:31.0578 2472 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/07 10:19:31.0609 2472 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/07 10:19:31.0640 2472 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/07 10:19:31.0687 2472 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/07 10:19:31.0718 2472 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/07 10:19:31.0750 2472 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/07 10:19:31.0781 2472 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/07 10:19:31.0796 2472 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/07 10:19:31.0828 2472 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/07 10:19:31.0859 2472 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/07 10:19:31.0890 2472 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/07 10:19:31.0937 2472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/07 10:19:31.0953 2472 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/07 10:19:32.0000 2472 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/07 10:19:32.0046 2472 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/07 10:19:32.0093 2472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/07 10:19:32.0265 2472 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/07 10:19:32.0375 2472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/07 10:19:32.0390 2472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/07 10:19:32.0453 2472 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/07 10:19:32.0468 2472 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/07 10:19:32.0484 2472 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/07 10:19:32.0515 2472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/07 10:19:32.0562 2472 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/07 10:19:32.0609 2472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/07 10:19:32.0656 2472 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/07 10:19:32.0828 2472 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/07 10:19:32.0906 2472 portD (54cacd86d0eaae952c2dc7ea17a166bb) C:\WINDOWS\system32\DRIVERS\portd2k.sys
2011/05/07 10:19:33.0093 2472 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/07 10:19:33.0109 2472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/07 10:19:33.0125 2472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/07 10:19:33.0156 2472 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/07 10:19:33.0234 2472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/07 10:19:33.0250 2472 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/07 10:19:33.0265 2472 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/07 10:19:33.0281 2472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/07 10:19:33.0296 2472 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/07 10:19:33.0312 2472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/07 10:19:33.0343 2472 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/07 10:19:33.0406 2472 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/07 10:19:33.0437 2472 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/07 10:19:33.0500 2472 RimSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/07 10:19:33.0515 2472 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/07 10:19:33.0531 2472 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/07 10:19:33.0687 2472 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/07 10:19:33.0718 2472 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/05/07 10:19:33.0734 2472 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/05/07 10:19:33.0812 2472 sbaphd (8fe075898df6b206d0a5cf0feb581b5e) C:\WINDOWS\system32\drivers\sbaphd.sys
2011/05/07 10:19:33.0828 2472 sbapifs (29658f5353d5b73ca514a784e6aac54e) C:\WINDOWS\system32\drivers\sbapifs.sys
2011/05/07 10:19:33.0890 2472 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREDrv.sys
2011/05/07 10:19:33.0968 2472 SbTis (eb6ae9f7fc9e42d993eb30b2f382bf46) C:\WINDOWS\system32\drivers\sbtis.sys
2011/05/07 10:19:34.0015 2472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/07 10:19:34.0078 2472 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/07 10:19:34.0125 2472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/07 10:19:34.0171 2472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/07 10:19:34.0234 2472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/07 10:19:34.0296 2472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/07 10:19:34.0328 2472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/07 10:19:34.0359 2472 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/07 10:19:34.0390 2472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/07 10:19:34.0437 2472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/07 10:19:34.0500 2472 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/07 10:19:34.0578 2472 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/07 10:19:34.0593 2472 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/07 10:19:34.0609 2472 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2011/05/07 10:19:34.0625 2472 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/07 10:19:34.0656 2472 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/07 10:19:34.0703 2472 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/07 10:19:34.0781 2472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/07 10:19:34.0828 2472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/07 10:19:34.0875 2472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/07 10:19:34.0890 2472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/07 10:19:34.0953 2472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/07 10:19:35.0015 2472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/07 10:19:35.0093 2472 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/07 10:19:35.0125 2472 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/07 10:19:35.0187 2472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/07 10:19:35.0203 2472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/07 10:19:35.0218 2472 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/07 10:19:35.0281 2472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/07 10:19:35.0312 2472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/07 10:19:35.0343 2472 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/07 10:19:35.0406 2472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/07 10:19:35.0437 2472 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/07 10:19:35.0468 2472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/07 10:19:35.0515 2472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/07 10:19:35.0546 2472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/07 10:19:35.0609 2472 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/07 10:19:35.0656 2472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/07 10:19:35.0703 2472 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/07 10:19:35.0718 2472 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/07 10:19:35.0937 2472 ================================================================================
2011/05/07 10:19:35.0937 2472 Scan finished
2011/05/07 10:19:35.0937 2472 ================================================================================
2011/05/07 10:19:35.0968 2160 Detected object count: 1
2011/05/07 10:20:19.0312 2160 kbdhid (1572d4f75caf7668669cd2c738bcd62b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/07 10:20:19.0312 2160 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 1572d4f75caf7668669cd2c738bcd62b, Fake md5: 9ef487a186dea361aa06913a75b3fa99
2011/05/07 10:20:20.0562 2160 Backup copy found, using it..
2011/05/07 10:20:20.0578 2160 C:\WINDOWS\system32\DRIVERS\kbdhid.sys - will be cured after reboot
2011/05/07 10:20:20.0578 2160 Rootkit.Win32.TDSS.tdl3(kbdhid) - User select action: Cure
2011/05/07 10:20:28.0671 3300 Deinitialize success
  • 0

#43
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run could you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/03/01 22:27:32 | 000,000,974 | -HS- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\Aqq207BjoSDkBCCNB83E4IB00deokoB8
    [2010/03/01 22:22:33 | 000,014,094 | -HS- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\c2Ry8i
    [2010/03/01 22:20:04 | 000,014,288 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c2Ry8i

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#44
rsean

rsean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
As regards any other problems, it doesn't appear that there are any more issues.

The browser is no longer being hijacked. A new scan with both MBAM and Vipre turned up nothing.

Unless you see anything then I think we have fixed the issue.

Oh....where does this crap keep coming from?!


OTL:

OTL logfile created on: 5/7/2011 12:34:50 PM - Run 11
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tammy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.03 Gb Total Space | 53.68 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 6.07 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive E: | 576.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TAMMYST | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 12:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\My Documents\Downloads\OTL(4).exe
PRC - [2011/05/07 12:30:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/12/06 21:53:05 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2009/05/26 10:38:57 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/24 04:11:36 | 000,254,600 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Tammy\Application Data\Smilebox\SmileboxTray.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/02 10:43:16 | 000,538,136 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/07/10 14:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/03/30 18:03:34 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Tammy\MLFI Documents\BBLauncher.exe
PRC - [2006/01/12 20:52:32 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 12:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\My Documents\Downloads\OTL(4).exe
MOD - [2011/03/09 15:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/12/06 21:53:18 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2006/10/31 10:35:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/31 10:35:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2007/02/02 10:43:16 | 000,538,136 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/08/24 07:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/10 11:00:16 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/07 17:19:32 | 000,067,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/11/14 14:59:00 | 000,007,424 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 05 6C 07 CB B9 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/06 21:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/05 19:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 12:30:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 12:30:08 | 000,000,000 | ---D | M]

[2010/03/30 20:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tammy\Application Data\Mozilla\Extensions
[2010/06/30 08:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\0arnvvk6.default\extensions
[2011/05/07 12:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/25 20:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/20 14:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/07 12:31:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/06 21:53:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/10 19:32:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 19:14:38 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/01/26 09:04:37 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/05/07 12:12:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Tammy\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Documents and Settings\Tammy\MLFI Documents\BBLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193934077765 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 12:12:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 11:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\Copy of Desktop Photos
[2011/05/07 11:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\Desktop Photos
[2011/05/05 21:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[6 C:\Documents and Settings\Tammy\My Documents\*.tmp files -> C:\Documents and Settings\Tammy\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Tammy\Desktop\*.tmp files -> C:\Documents and Settings\Tammy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 12:35:15 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2739420824-2844446213-3856466181-1008.job
[2011/05/07 12:35:15 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2739420824-2844446213-3856466181-1008.job
[2011/05/07 12:19:57 | 000,383,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/07 12:19:57 | 000,053,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/07 12:16:19 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/07 12:15:56 | 000,069,166 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/05/07 12:15:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 12:15:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 12:15:34 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/05/07 12:15:19 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\bhnhvbgoex.job
[2011/05/07 12:15:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 12:12:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/07 12:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 05:22:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/05/07 04:39:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 22:27:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/06 22:06:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\MBR.dat
[2011/05/06 19:47:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4DF943D9-ADC0-4128-B749-446B5BB6CBD6}.job
[2011/05/06 03:21:21 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/06 03:03:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/06 03:01:22 | 002,001,464 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[6 C:\Documents and Settings\Tammy\My Documents\*.tmp files -> C:\Documents and Settings\Tammy\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Tammy\Desktop\*.tmp files -> C:\Documents and Settings\Tammy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 11:47:38 | 007,801,622 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Copy of Jimmy Grad2.JPG
[2011/05/06 22:06:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\MBR.dat
[2011/05/05 19:28:13 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/05/05 19:28:13 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/03/31 21:09:58 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\netstat.bat
[2010/03/18 07:31:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/14 20:19:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/03/14 20:19:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/03/12 20:05:23 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/05 13:46:04 | 000,066,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/04 20:45:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/08 15:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/07/21 14:32:45 | 000,000,112 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/20 18:45:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/06/09 18:09:12 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 17:45:59 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\BBUninstall.exe
[2008/05/26 20:31:41 | 000,010,262 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\FASTWiz.html
[2008/04/23 09:07:03 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2007/10/30 21:16:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/10/12 01:11:58 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/12 10:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/16 09:53:24 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/14 12:00:55 | 000,000,174 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/05/09 15:38:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/09 15:19:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/16 06:23:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/16 06:00:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/16 06:00:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/16 06:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/16 06:00:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/16 06:00:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/16 06:00:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/16 05:59:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/04/16 05:59:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/11/28 13:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/31 10:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 10:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 10:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 10:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 10:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 10:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 10:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 10:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 10:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 10:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/19 02:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/19 02:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/04/25 14:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 13:43:54 | 000,383,584 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 13:43:54 | 000,053,812 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 13:39:48 | 000,309,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 13:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 13:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/27 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/10/18 08:49:40 | 000,006,964 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2009/08/23 14:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/02/07 14:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009/09/20 11:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/10/03 16:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/08/02 12:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2008/07/30 19:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/07 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/19 21:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiberianStrikeX
[2009/09/20 11:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/09 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2010/10/03 16:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/04/23 09:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{008E9AD5-48B1-4141-ADBB-C81A7744608B}
[2010/05/21 22:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/27 21:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/23 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\acccore
[2010/02/28 19:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Aim
[2010/04/21 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Chessmaster Challenge
[2010/10/03 16:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\GameHouse
[2008/07/02 14:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\InterVideo
[2009/02/08 11:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\iWin
[2008/05/28 11:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\SampleView
[2009/05/09 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Smilebox
[2009/05/09 08:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Snapfish
[2008/07/30 08:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Stamps.com Internet Postage
[2009/10/23 07:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Viewpoint
[2008/06/09 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\W Photo Studio
[2008/06/09 18:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\W Photo Studio Viewer
[2008/06/09 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Walgreens
[2010/02/27 20:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\WildTangent
[2011/05/07 12:15:19 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\bhnhvbgoex.job
[2011/05/06 19:47:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4DF943D9-ADC0-4128-B749-446B5BB6CBD6}.job

========== Purity Check ==========



< End of report >
  • 0

#45
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One more to kill.... As to where they come from, the majority now appear to be from infected web pages with inserted Javascript redirects to the malware servers.. Once there then it will try to download the malware or get you to do it by injudicious clicking

Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/07 12:15:19 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\bhnhvbgoex.job

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP