Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser Redirects

Started by sshaw66 , May 29 2011 07:40 AM

  • This topic is locked This topic is locked

#1
sshaw66
Posted 29 May 2011 - 07:40 AM

sshaw66

    Member

  • Member
  • PipPip
  • 12 posts
Hi:

I've got some problems with a browser redirect virus. Running Windows XP. As a background, recently, our system wouldn't let us open any programs when booting up, it was hijacked by a "security protection" pop-up or some such thing that said we had all kinds of viruses and wanted us to purchase some bogus fix. There were no desktop icons and when I clicked Start > All Programs it said it was empty. I was able to do a system restore that enabled me to open programs and IE 8.0, and it works ok now if I manually type in the address. When I do a web search, however, and click on the results, it redirects me to different sites. I also get random pop-ups and once it started Outlook on it's own.

I went through the steps for removal (e.g. Ran OTM, GooredFix, etc., but when I go to run TDSS killer, it won't start.
Please help. Here's the OTL Log:

OTL logfile created on: 5/29/2011 8:31:36 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.48% Memory free
2.10 Gb Paging File | 1.56 Gb Available in Paging File | 73.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 22.52 Gb Free Space | 30.24% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 379.60 Gb Free Space | 81.51% Space Free | Partition Type: NTFS

Computer Name: DD6JR341 | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 08:07:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
PRC - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 11:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 08:07:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/03/09 12:13:45 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/18 22:49:52 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/04 13:57:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 19:32:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 19:30:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2004/11/22 18:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2004/06/02 13:17:56 | 000,151,985 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2004/05/20 08:45:20 | 000,068,950 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DCCAM)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/06 10:57:24 | 000,013,543 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ifpusb.sys -- (IFPUSB)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/01/01 17:07:26 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.live.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..network.proxy.no_proxies_on: "localhost"


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/10 10:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/10 10:52:50 | 000,000,000 | ---D | M]

[2009/02/17 23:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Extensions
[2010/04/27 10:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\extensions
[2009/09/11 20:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/06 10:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/27 10:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 14:34:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2009/06/04 08:11:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/12 23:17:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/05/29 08:17:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alltel.com ([care] http in Trusted sites)
O15 - HKCU\..Trusted Domains: alltel.com ([care] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229574293140 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.su...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8031.4751388889 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eefbb2dd-4b35-11e0-b285-000cf1890840}\Shell - "" = AutoRun
O33 - MountPoints2\{eefbb2dd-4b35-11e0-b285-000cf1890840}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eefbb2dd-4b35-11e0-b285-000cf1890840}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 08:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\tdsskiller
[2011/05/29 08:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\GooredFix Backups
[2011/05/29 08:25:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Sam\Desktop\GooredFix.exe
[2011/05/29 08:17:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/29 08:17:02 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTM.exe
[2011/05/29 08:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/29 08:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\erunt
[2011/05/29 08:07:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2011/05/29 02:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Malwarebytes
[2011/05/29 02:30:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 02:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/29 02:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/29 02:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/29 02:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\tdsskiller
[2011/05/29 01:34:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam\Recent
[2011/05/05 18:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/05 11:12:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sam\My Documents\DCS
[4 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 08:26:01 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\tdsskiller.zip
[2011/05/29 08:25:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Sam\Desktop\GooredFix.exe
[2011/05/29 08:22:10 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/29 08:21:59 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/29 08:21:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/29 08:21:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/29 08:21:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/29 08:17:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/29 08:17:03 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTM.exe
[2011/05/29 08:09:14 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\erunt.zip
[2011/05/29 08:07:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2011/05/29 03:33:59 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/29 02:30:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 02:26:41 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\tdsskiller.zip
[2011/05/29 01:28:03 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/05/28 17:33:25 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/05/28 17:33:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/05/28 17:29:53 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/05/28 09:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/21 07:42:58 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/20 19:27:10 | 000,000,648 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2011/05/12 12:35:52 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Word.lnk
[2011/05/01 18:13:55 | 018,447,360 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/05/01 18:13:51 | 013,926,400 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[4 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 08:25:55 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\tdsskiller.zip
[2011/05/29 08:09:12 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\erunt.zip
[2011/05/29 02:30:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 02:26:41 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\tdsskiller.zip
[2011/05/28 17:29:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/05/28 17:29:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/05/28 17:29:53 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2010/11/29 18:10:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TIE_3D.INI
[2010/11/27 22:53:33 | 000,160,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/04 13:58:49 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\housecall.guid.cache
[2010/03/03 23:34:31 | 000,061,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/05/28 20:04:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/28 19:51:30 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/13 20:59:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/09/12 21:03:34 | 000,010,027 | ---- | C] () -- C:\WINDOWS\_005405_.tmp.dll
[2008/08/03 12:54:08 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2008/03/08 16:41:48 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2008/02/21 00:21:34 | 000,200,736 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/02/16 12:41:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/12/22 11:11:33 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/22 11:11:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/20 21:52:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/03/04 14:11:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\PTLCDBAS.INI
[2007/03/04 14:11:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\INIVALUE.INI
[2007/02/18 20:22:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/18 20:22:01 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/24 19:42:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/12/07 20:26:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/26 23:07:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/10/14 14:35:04 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\.zreglib
[2006/09/11 19:30:17 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/22 20:25:05 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP110JPR.{PB
[2006/05/22 20:25:04 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP110JCM.{PB
[2005/11/04 11:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/17 21:43:37 | 000,000,057 | ---- | C] () -- C:\WINDOWS\einit.ini
[2005/07/08 16:40:49 | 000,000,648 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2005/07/08 16:40:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2005/07/08 16:39:31 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2005/03/24 20:57:30 | 000,002,654 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/02/18 19:33:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\bkimp.INI
[2005/02/17 21:41:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\books.INI
[2005/02/17 21:20:09 | 000,000,471 | ---- | C] () -- C:\WINDOWS\booktracker.ini
[2004/12/22 21:41:35 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\lex_psu.exe
[2004/12/22 21:41:35 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\lexlelm.dll
[2004/12/22 21:41:35 | 000,000,655 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/12/22 21:41:33 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2004/12/22 21:41:33 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ldepcl32.dll
[2004/12/15 20:54:01 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2004/04/29 19:48:29 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2004/03/26 18:49:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/02/20 21:34:04 | 000,000,602 | ---- | C] () -- C:\WINDOWS\groovmec.ini
[2004/02/16 17:18:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\dm.ini
[2004/02/14 17:00:26 | 000,045,190 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/14 16:22:54 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/13 20:35:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/13 20:09:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/02/11 21:40:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/11 20:23:00 | 000,000,392 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2004/02/04 12:22:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/04 12:18:54 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/02/04 12:14:34 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/02/04 12:12:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/04 12:10:45 | 000,000,152 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/04 12:07:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/02/04 11:53:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/02/04 11:51:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/04 11:51:36 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/02/04 11:51:36 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/02/04 11:51:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/04 11:36:08 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/09 21:32:32 | 000,007,532 | ---- | C] () -- C:\WINDOWS\System32\ft66rey.dll
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 10:05:08 | 000,273,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005788_.tmp.dll
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005756_.tmp.dll
[2002/08/29 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/01/01 17:07:26 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1994/09/02 18:01:28 | 000,032,596 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8423A1CF

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 29 May 2011 - 07:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I may not be able to recover the shortcuts for you as you have done a system restore, but I will try

Download Unhide.exe to your desktop and run

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

NEXT

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [] File not found
    O29 - HKLM SecurityProviders - (digeste.dll) - File not found
    [2011/05/28 17:33:25 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
    [2011/05/28 17:33:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524
    [2011/05/28 17:29:53 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18079524


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
sshaw66
Posted 29 May 2011 - 08:47 AM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks for the response.

I did as you said, and here's the logs:

aswMBR:

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-29 09:22:23
-----------------------------
09:22:23.203 OS Version: Windows 5.1.2600 Service Pack 2
09:22:23.203 Number of processors: 1 586 0x209
09:22:23.203 ComputerName: DD6JR341 UserName: Sam
09:22:24.078 Initialize success
09:22:29.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:22:29.531 Disk 0 Vendor: WDC_WD800BB-75FRA0 77.07W77 Size: 76293MB BusType: 3
09:22:31.546 Disk 0 MBR read successfully
09:22:31.546 Disk 0 MBR scan
09:22:31.546 Disk 0 Windows XP default MBR code
09:22:33.546 Disk 0 scanning sectors +156232125
09:22:33.578 Disk 0 scanning C:\WINDOWS\system32\drivers
09:22:45.953 File C:\WINDOWS\system32\drivers\volsnap.sys **SUSPICIOUS**
09:22:45.953 Service scanning
09:22:47.562 Disk 0 trace - called modules:
09:22:47.578 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a59d1ed]<<
09:22:47.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a645ab8]
09:22:47.578 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a62eb00]
09:22:47.578 \Driver\atapi[0x8a62f288] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a59d1ed
09:23:32.843 Unsigned kernel modules:
09:23:32.843 0xf7717000 C:\WINDOWS\system32\drivers\PxHelp20.sys
09:23:33.031 0xf7479000 C:\WINDOWS\system32\drivers\drvmcdb.sys
09:23:33.421 0xf789b000 C:\WINDOWS\system32\drivers\ifpusb.sys
09:23:53.625 0xf79d7000 C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:24:07.203 0xb2689000 C:\WINDOWS\System32\DRIVERS\omci.sys
09:24:10.968 0xa2967000 C:\WINDOWS\system32\drivers\ssrtln.sys
09:24:40.234 0x9fe27000 C:\WINDOWS\system32\drivers\drvnddm.sys
09:24:40.984 0xb9aa9000 C:\WINDOWS\system32\dla\tfsndres.sys
09:24:40.984 0x9f6cf000 C:\WINDOWS\system32\dla\tfsnifs.sys
09:24:41.000 0xb551c000 C:\WINDOWS\system32\dla\tfsnopio.sys
09:24:41.000 0xa4492000 C:\WINDOWS\system32\dla\tfsnpool.sys
09:24:41.046 0xa103e000 C:\WINDOWS\system32\dla\tfsnboio.sys
09:24:41.140 0x9fe07000 C:\WINDOWS\system32\dla\tfsncofs.sys
09:24:41.140 0xa2915000 C:\WINDOWS\system32\dla\tfsndrct.sys
09:24:41.187 0x9f6b7000 C:\WINDOWS\system32\dla\tfsnudf.sys
09:24:41.203 0x9f69e000 C:\WINDOWS\system32\dla\tfsnudfa.sys
09:24:45.000 0xba7a8000 C:\WINDOWS\system32\Drivers\SbcpHid.sys
09:24:46.875 Scan finished successfully
09:25:19.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sam\Desktop\MBR.dat"
09:25:19.468 The log file has been saved successfully to "C:\Documents and Settings\Sam\Desktop\aswMBRlog.txt"


OTL:

OTL logfile created on: 5/29/2011 9:43:03 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 57.44% Memory free
2.10 Gb Paging File | 1.62 Gb Available in Paging File | 77.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 22.44 Gb Free Space | 30.13% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 379.39 Gb Free Space | 81.46% Space Free | Partition Type: NTFS

Computer Name: DD6JR341 | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 08:07:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
PRC - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 11:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 08:07:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/03/09 12:13:45 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/18 22:49:52 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/04 13:57:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 19:32:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 19:30:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2004/11/22 18:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2004/06/02 13:17:56 | 000,151,985 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2004/05/20 08:45:20 | 000,068,950 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DCCAM)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/06 10:57:24 | 000,013,543 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ifpusb.sys -- (IFPUSB)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/01/01 17:07:26 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.live.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..network.proxy.no_proxies_on: "localhost"


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/10 10:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/10 10:52:50 | 000,000,000 | ---D | M]

[2009/02/17 23:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Extensions
[2010/04/27 10:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\extensions
[2009/09/11 20:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/06 10:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/27 10:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 14:34:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2009/06/04 08:11:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/12 23:17:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/05/29 09:26:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alltel.com ([care] http in Trusted sites)
O15 - HKCU\..Trusted Domains: alltel.com ([care] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229574293140 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.su...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8031.4751388889 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eefbb2dd-4b35-11e0-b285-000cf1890840}\Shell - "" = AutoRun
O33 - MountPoints2\{eefbb2dd-4b35-11e0-b285-000cf1890840}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eefbb2dd-4b35-11e0-b285-000cf1890840}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 09:22:04 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sam\Desktop\aswMBR.exe
[2011/05/29 08:42:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 08:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\tdsskiller
[2011/05/29 08:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\GooredFix Backups
[2011/05/29 08:25:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Sam\Desktop\GooredFix.exe
[2011/05/29 08:17:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/29 08:17:02 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTM.exe
[2011/05/29 08:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/29 08:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\erunt
[2011/05/29 08:07:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2011/05/29 02:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Malwarebytes
[2011/05/29 02:30:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 02:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/29 02:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/29 02:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/29 02:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\tdsskiller
[2011/05/29 01:34:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam\Recent
[2011/05/05 18:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/05 11:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\DCS
[4 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 09:41:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/29 09:41:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/29 09:40:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/29 09:40:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/29 09:40:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/29 09:26:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/29 09:25:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\MBR.dat
[2011/05/29 09:22:08 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sam\Desktop\aswMBR.exe
[2011/05/29 09:06:46 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\unhide.exe
[2011/05/29 08:26:01 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\tdsskiller.zip
[2011/05/29 08:25:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Sam\Desktop\GooredFix.exe
[2011/05/29 08:17:03 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTM.exe
[2011/05/29 08:09:14 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\erunt.zip
[2011/05/29 08:07:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2011/05/29 03:33:59 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/29 02:30:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 02:26:41 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\tdsskiller.zip
[2011/05/29 01:28:03 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/05/28 09:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/21 07:42:58 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/20 19:27:10 | 000,000,648 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2011/05/12 12:35:52 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Word.lnk
[2011/05/01 18:13:55 | 018,447,360 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/05/01 18:13:51 | 013,926,400 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[4 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 09:25:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\MBR.dat
[2011/05/29 09:06:45 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\unhide.exe
[2011/05/29 08:25:55 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\tdsskiller.zip
[2011/05/29 08:09:12 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\erunt.zip
[2011/05/29 02:30:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 02:26:41 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\tdsskiller.zip
[2010/11/29 18:10:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TIE_3D.INI
[2010/11/27 22:53:33 | 000,160,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/04 13:58:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\housecall.guid.cache
[2010/03/03 23:34:31 | 000,061,048 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/05/28 20:04:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/28 19:51:30 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/13 20:59:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/09/12 21:03:34 | 000,010,027 | ---- | C] () -- C:\WINDOWS\_005405_.tmp.dll
[2008/08/03 12:54:08 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2008/03/08 16:41:48 | 000,000,031 | ---- | C] () -- C:\WINDOWS\uccspecc.sys
[2008/02/21 00:21:34 | 000,200,736 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/02/16 12:41:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/12/22 11:11:33 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/22 11:11:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/20 21:52:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/03/04 14:11:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\PTLCDBAS.INI
[2007/03/04 14:11:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\INIVALUE.INI
[2007/02/18 20:22:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/18 20:22:01 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/24 19:42:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2006/12/07 20:26:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/26 23:07:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/10/14 14:35:04 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\.zreglib
[2006/09/11 19:30:17 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/22 20:25:05 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP110JPR.{PB
[2006/05/22 20:25:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP110JCM.{PB
[2005/11/04 11:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/17 21:43:37 | 000,000,057 | ---- | C] () -- C:\WINDOWS\einit.ini
[2005/07/08 16:40:49 | 000,000,648 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2005/07/08 16:40:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2005/07/08 16:39:31 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2005/03/24 20:57:30 | 000,002,654 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/02/18 19:33:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\bkimp.INI
[2005/02/17 21:41:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\books.INI
[2005/02/17 21:20:09 | 000,000,471 | ---- | C] () -- C:\WINDOWS\booktracker.ini
[2004/12/22 21:41:35 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\lex_psu.exe
[2004/12/22 21:41:35 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\lexlelm.dll
[2004/12/22 21:41:35 | 000,000,655 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/12/22 21:41:33 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2004/12/22 21:41:33 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ldepcl32.dll
[2004/12/15 20:54:01 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2004/04/29 19:48:29 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2004/03/26 18:49:00 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/02/20 21:34:04 | 000,000,602 | ---- | C] () -- C:\WINDOWS\groovmec.ini
[2004/02/16 17:18:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\dm.ini
[2004/02/14 17:00:26 | 000,045,190 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/14 16:22:54 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/13 20:35:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/13 20:09:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/02/11 21:40:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/11 20:23:00 | 000,000,392 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2004/02/04 12:22:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/04 12:18:54 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/02/04 12:14:34 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/02/04 12:12:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/04 12:10:45 | 000,000,152 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/04 12:07:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/02/04 11:53:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/02/04 11:51:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/04 11:51:36 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/02/04 11:51:36 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/02/04 11:51:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/04 11:36:08 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/09 21:32:32 | 000,007,532 | ---- | C] () -- C:\WINDOWS\System32\ft66rey.dll
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 10:05:08 | 000,273,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005788_.tmp.dll
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005756_.tmp.dll
[2002/08/29 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/01/01 17:07:26 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1994/09/02 18:01:28 | 000,032,596 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/12/02 17:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/02/20 23:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2005/07/08 16:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/02 17:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/24 15:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/12/20 21:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008/02/17 21:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/11/04 21:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/02/16 10:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/11/03 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/09/17 23:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/04 14:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Total 3D Home
[2008/01/06 22:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/08 19:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2008/08/03 12:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/27 17:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/04/10 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/08 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/12/22 11:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\AVSMedia
[2008/02/20 23:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Bitdefender
[2008/03/18 19:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\HorizonWimba
[2011/05/29 01:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\ImgBurn
[2004/02/11 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Leadertech
[2005/07/21 20:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Musicmatch
[2008/02/16 12:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\pdf995
[2009/09/12 23:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\scriptocean
[2009/01/31 07:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Snapfish
[2008/02/17 21:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\TaxCut
[2007/12/20 19:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ulead Systems
[2007/02/21 14:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Viewpoint
[2009/12/20 00:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\VirtualStore
[2006/11/30 22:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Visicom Media
[2007/10/20 21:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\WILLPower

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8423A1CF

< End of report >
  • 0

#4
Essexboy
Posted 29 May 2011 - 08:50 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok lets get the main culprit

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5
sshaw66
Posted 29 May 2011 - 09:26 AM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks----here's the problem: When I download and extract the TDSSKiller, and then try and open/run it from the .exe file, it doesn't do anything---it just hangs. It won't open. I tried Run as, to see if perhaps there was another option, but it won't open the TDSS Killer.

Thoughts?
  • 0

#6
Essexboy
Posted 29 May 2011 - 09:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep there is always a plan B :)

The infected file cannot be cured by aswMBR it just highlights it for me ..... So next trick

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
sshaw66
Posted 29 May 2011 - 10:08 AM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Seems to have worked! Thank you very very much for the help.

Here's the log (below)

Questions:

1. How do I prevent this from happening again? e.g. best course of action.

2. Do you recommend not using IE 8.0? If not, what alternative browser.

3. I've never done a clean re-install of windows. Do you recommend, and if so, direct me to a tutorial?

Thanks.

ComboFix 11-05-27.02 - Sam 05/29/2011 10:43:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.1163 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sam\WINDOWS
c:\program files\Internet Explorer\SET550.tmp
c:\program files\internet optimizer
c:\windows\_005405_.tmp.dll
c:\windows\Fonts\waltdisneyscript.exe
c:\windows\ST6UNST.000
c:\windows\system32\_003542_.tmp.dll
c:\windows\system32\_003543_.tmp.dll
c:\windows\system32\_003544_.tmp.dll
c:\windows\system32\_003545_.tmp.dll
c:\windows\system32\_003552_.tmp.dll
c:\windows\system32\_003553_.tmp.dll
c:\windows\system32\_003554_.tmp.dll
c:\windows\system32\_003556_.tmp.dll
c:\windows\system32\_003557_.tmp.dll
c:\windows\system32\_003560_.tmp.dll
c:\windows\system32\_003561_.tmp.dll
c:\windows\system32\_003563_.tmp.dll
c:\windows\system32\_003564_.tmp.dll
c:\windows\system32\_003565_.tmp.dll
c:\windows\system32\_003567_.tmp.dll
c:\windows\system32\_003570_.tmp.dll
c:\windows\system32\_003571_.tmp.dll
c:\windows\system32\_003575_.tmp.dll
c:\windows\system32\_003576_.tmp.dll
c:\windows\system32\_003578_.tmp.dll
c:\windows\system32\_003581_.tmp.dll
c:\windows\system32\_003583_.tmp.dll
c:\windows\system32\_003584_.tmp.dll
c:\windows\system32\_003585_.tmp.dll
c:\windows\system32\_003586_.tmp.dll
c:\windows\system32\_003589_.tmp.dll
c:\windows\system32\_003590_.tmp.dll
c:\windows\system32\_003591_.tmp.dll
c:\windows\system32\_003592_.tmp.dll
c:\windows\system32\_003593_.tmp.dll
c:\windows\system32\_003598_.tmp.dll
c:\windows\system32\_003600_.tmp.dll
c:\windows\system32\_003601_.tmp.dll
c:\windows\system32\_005745_.tmp.dll
c:\windows\system32\_005746_.tmp.dll
c:\windows\system32\_005747_.tmp.dll
c:\windows\system32\_005748_.tmp.dll
c:\windows\system32\_005755_.tmp.dll
c:\windows\system32\_005756_.tmp.dll
c:\windows\system32\_005757_.tmp.dll
c:\windows\system32\_005758_.tmp.dll
c:\windows\system32\_005760_.tmp.dll
c:\windows\system32\_005761_.tmp.dll
c:\windows\system32\_005764_.tmp.dll
c:\windows\system32\_005765_.tmp.dll
c:\windows\system32\_005767_.tmp.dll
c:\windows\system32\_005768_.tmp.dll
c:\windows\system32\_005769_.tmp.dll
c:\windows\system32\_005771_.tmp.dll
c:\windows\system32\_005773_.tmp.dll
c:\windows\system32\_005774_.tmp.dll
c:\windows\system32\_005775_.tmp.dll
c:\windows\system32\_005779_.tmp.dll
c:\windows\system32\_005780_.tmp.dll
c:\windows\system32\_005782_.tmp.dll
c:\windows\system32\_005785_.tmp.dll
c:\windows\system32\_005787_.tmp.dll
c:\windows\system32\_005788_.tmp.dll
c:\windows\system32\_005789_.tmp.dll
c:\windows\system32\_005790_.tmp.dll
c:\windows\system32\_005791_.tmp.dll
c:\windows\system32\_005794_.tmp.dll
c:\windows\system32\_005795_.tmp.dll
c:\windows\system32\_005796_.tmp.dll
c:\windows\system32\_005797_.tmp.dll
c:\windows\system32\_005798_.tmp.dll
c:\windows\system32\_005801_.tmp.dll
c:\windows\system32\_005803_.tmp.dll
c:\windows\system32\_005805_.tmp.dll
c:\windows\system32\_006754_.tmp.dll
c:\windows\system32\_006755_.tmp.dll
c:\windows\system32\_006756_.tmp.dll
c:\windows\system32\_006757_.tmp.dll
c:\windows\system32\_006764_.tmp.dll
c:\windows\system32\_006765_.tmp.dll
c:\windows\system32\_006766_.tmp.dll
c:\windows\system32\_006768_.tmp.dll
c:\windows\system32\_006769_.tmp.dll
c:\windows\system32\_006772_.tmp.dll
c:\windows\system32\_006773_.tmp.dll
c:\windows\system32\_006775_.tmp.dll
c:\windows\system32\_006776_.tmp.dll
c:\windows\system32\_006777_.tmp.dll
c:\windows\system32\_006779_.tmp.dll
c:\windows\system32\_006782_.tmp.dll
c:\windows\system32\_006783_.tmp.dll
c:\windows\system32\_006787_.tmp.dll
c:\windows\system32\_006788_.tmp.dll
c:\windows\system32\_006790_.tmp.dll
c:\windows\system32\_006793_.tmp.dll
c:\windows\system32\_006795_.tmp.dll
c:\windows\system32\_006796_.tmp.dll
c:\windows\system32\_006797_.tmp.dll
c:\windows\system32\_006798_.tmp.dll
c:\windows\system32\_006801_.tmp.dll
c:\windows\system32\_006802_.tmp.dll
c:\windows\system32\_006803_.tmp.dll
c:\windows\system32\_006804_.tmp.dll
c:\windows\system32\_006805_.tmp.dll
c:\windows\system32\_006810_.tmp.dll
c:\windows\system32\_006812_.tmp.dll
c:\windows\system32\_006813_.tmp.dll
c:\windows\system32\instsrv.exe
c:\windows\system32\rnaph.dll
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZESOFT
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 13:42 . 2011-05-29 13:42 -------- dc----w- C:\_OTL
2011-05-29 13:17 . 2011-05-29 13:17 -------- dc----w- C:\_OTM
2011-05-29 07:30 . 2011-05-29 07:30 -------- d-----w- c:\documents and settings\Sam\Application Data\Malwarebytes
2011-05-29 07:30 . 2011-05-29 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-29 07:30 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:29 . 2011-05-29 07:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 07:28 . 2011-05-29 07:28 -------- d-----w- c:\documents and settings\My Documents
2011-05-29 06:21 . 2011-05-29 06:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-29 06:14 . 2011-05-29 06:18 -------- d-s---w- c:\documents and settings\Administrator.DD6JR341.000
2011-05-05 23:28 . 2011-05-05 23:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2006-9-11 217088]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 10.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 10.lnk
backup=c:\windows\pss\Snagit 10.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Sam\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLoaderAproposClient
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
2003-02-08 22:42 86102 ----a-w- c:\program files\Dell AIO Printer A940\dlbabmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 12:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2005-03-15 13:58 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-03-15 13:58 135168 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2004-11-09 15:32 393216 ----a-w- c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
1999-06-02 17:31 34816 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROBOTFTPSCHED]
2004-07-27 05:14 60928 ----a-w- c:\program files\FTPShell\botsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-04 13:11 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-14 02:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-13 04:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windstream_BCUC_McciTrayApp]
2010-05-01 00:36 1742336 ----a-w- c:\program files\Windstream_BCUC\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 6:00 AM 14336]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 11:41 AM 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 11:45 AM 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 11:44 AM 484352]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [11/27/2010 5:01 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-14 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: alltel.com\care
TCP: DhcpNameServer = 192.168.254.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.live.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-dimsntfy - (no file)
MSConfigStartUp-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
MSConfigStartUp-ConMgr - (no file)
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-NetZero_uoltray - c:\program files\NetZero\exec.exe
MSConfigStartUp-WeatherDPA - c:\program files\Zango\bin\10.3.79.0\Weather.exe
MSConfigStartUp-ZangoOE - c:\program files\Zango\bin\10.3.79.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.79.0\ZangoSA.exe
AddRemove-Juno - c:\program files\Juno\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 10:51
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8144)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-29 11:02:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-29 16:02
.
Pre-Run: 23,998,337,024 bytes free
Post-Run: 23,847,346,176 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - DD49BD8495624C35F811130B2BAC5FA3
  • 0

#8
Essexboy
Posted 29 May 2011 - 10:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That does look better - OK we are now in the repair phase I feel. So what are the problems after you have done the following. I will remove my tools and tidy up once you are happy :)

Download and install Service Pack 3 this should replace the majority of your start menu items, if not we will tackle that next

3. I've never done a clean re-install of windows. Do you recommend, and if so, direct me to a tutorial?

I do not feel that will be necessary. However, if you wish to do so then see this tutorial but bear in mind you will need to re-install alll of your programmes and back up all licences and data

Once SP3 is installed then run the following programme to check for orphans

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
sshaw66
Posted 29 May 2011 - 04:56 PM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yes, thanks. The only problem I am experiencing now is that I am unable to download service pack 3. I get an "access is denied" error message. I'm trying to find a fix for that.

I appreciate your help. Thank you very much.
  • 0

#10
sshaw66
Posted 29 May 2011 - 08:30 PM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I spoke too soon. I am now getting two different pop-ups: (1) the MS Removal tool virus; and (2) the XP Anti-Spyware virus. When I do a web search, it redirects again. I am unable to get into the task manager to quit/stop the programs, and when I run msconfig nothing happens. I am unable to open any programs (e.g. malwarebytes, OTL, etc.) I tried booting into safe mode to run malwarebytes, but the 2 viruses still popped up, and I was unable to run msconfig, etc.

Suggestions?
  • 0

Advertisements

#11
Essexboy
Posted 30 May 2011 - 04:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm something is hiding very deep

Run Combofix again please, allowing it to update if it asks, then we will run TDSSKiller in case you had a double MBR infection

Get a fresh copy of TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#12
sshaw66
Posted 30 May 2011 - 09:14 AM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks. OK did all you said, and here's the TDSS Killer report (did not need to reboot).


2011/05/30 10:09:18.0421 3308 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 10:09:18.0859 3308 ================================================================================
2011/05/30 10:09:18.0859 3308 SystemInfo:
2011/05/30 10:09:18.0859 3308
2011/05/30 10:09:18.0859 3308 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/30 10:09:18.0859 3308 Product type: Workstation
2011/05/30 10:09:18.0859 3308 ComputerName: DD6JR341
2011/05/30 10:09:18.0859 3308 UserName: Sam
2011/05/30 10:09:18.0859 3308 Windows directory: C:\WINDOWS
2011/05/30 10:09:18.0859 3308 System windows directory: C:\WINDOWS
2011/05/30 10:09:18.0859 3308 Processor architecture: Intel x86
2011/05/30 10:09:18.0859 3308 Number of processors: 1
2011/05/30 10:09:18.0859 3308 Page size: 0x1000
2011/05/30 10:09:18.0859 3308 Boot type: Normal boot
2011/05/30 10:09:18.0859 3308 ================================================================================
2011/05/30 10:09:21.0468 3308 Initialize success
2011/05/30 10:09:27.0781 4020 ================================================================================
2011/05/30 10:09:27.0781 4020 Scan started
2011/05/30 10:09:27.0781 4020 Mode: Manual;
2011/05/30 10:09:27.0781 4020 ================================================================================
2011/05/30 10:09:29.0156 4020 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/05/30 10:09:29.0406 4020 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/30 10:09:30.0140 4020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/30 10:09:30.0984 4020 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 10:09:31.0468 4020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/30 10:09:31.0765 4020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/30 10:09:32.0468 4020 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/30 10:09:33.0125 4020 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 10:09:33.0578 4020 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 10:09:34.0203 4020 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/05/30 10:09:34.0765 4020 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/30 10:09:35.0375 4020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/30 10:09:35.0718 4020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/30 10:09:36.0250 4020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/30 10:09:36.0765 4020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/30 10:09:37.0625 4020 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/30 10:09:38.0859 4020 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/30 10:09:39.0718 4020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/30 10:09:40.0515 4020 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/30 10:09:41.0203 4020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/30 10:09:42.0015 4020 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/30 10:09:42.0640 4020 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/30 10:09:43.0390 4020 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/30 10:09:44.0062 4020 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/30 10:09:45.0062 4020 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/30 10:09:46.0046 4020 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/30 10:09:46.0750 4020 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/30 10:09:47.0468 4020 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/30 10:09:48.0031 4020 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 10:09:48.0812 4020 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 10:09:50.0375 4020 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 10:09:51.0718 4020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 10:09:52.0468 4020 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/05/30 10:09:53.0812 4020 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/05/30 10:09:55.0375 4020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 10:09:56.0953 4020 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/30 10:09:57.0890 4020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 10:09:58.0531 4020 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/30 10:09:59.0203 4020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/30 10:09:59.0687 4020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 10:10:00.0156 4020 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 10:10:00.0375 4020 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 10:10:00.0796 4020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/30 10:10:01.0093 4020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/30 10:10:01.0703 4020 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/05/30 10:10:01.0953 4020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/30 10:10:02.0906 4020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/30 10:10:03.0406 4020 DCCAM (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2011/05/30 10:10:03.0921 4020 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2011/05/30 10:10:04.0593 4020 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys
2011/05/30 10:10:05.0218 4020 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2011/05/30 10:10:05.0843 4020 DcPTP (47b1ccec23aec5ae6a2005d1a0d8ed65) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2011/05/30 10:10:06.0296 4020 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 10:10:06.0812 4020 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 10:10:07.0546 4020 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/30 10:10:08.0093 4020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 10:10:08.0734 4020 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 10:10:09.0640 4020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/30 10:10:10.0468 4020 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 10:10:11.0140 4020 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/30 10:10:11.0765 4020 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/30 10:10:12.0437 4020 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/30 10:10:13.0203 4020 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/30 10:10:13.0687 4020 Exportit (20ff28fb3b268e7c76b10841a9f81ba4) C:\WINDOWS\system32\DRIVERS\exportit.sys
2011/05/30 10:10:14.0093 4020 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 10:10:14.0656 4020 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/30 10:10:15.0281 4020 FilterService (1edc0df2da14e04504dd3bac21aa32cd) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/05/30 10:10:15.0734 4020 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 10:10:16.0328 4020 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/30 10:10:17.0046 4020 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 10:10:17.0718 4020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 10:10:18.0421 4020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 10:10:19.0281 4020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/30 10:10:20.0125 4020 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 10:10:20.0828 4020 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 10:10:21.0625 4020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/30 10:10:22.0781 4020 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 10:10:23.0031 4020 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/30 10:10:23.0281 4020 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/30 10:10:23.0500 4020 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 10:10:23.0734 4020 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/30 10:10:23.0984 4020 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/30 10:10:24.0203 4020 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/30 10:10:24.0468 4020 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/30 10:10:24.0734 4020 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/30 10:10:24.0953 4020 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/30 10:10:25.0187 4020 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/30 10:10:25.0390 4020 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/30 10:10:25.0843 4020 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/30 10:10:26.0046 4020 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/30 10:10:26.0250 4020 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/30 10:10:26.0468 4020 IFPUSB (7ecfd849d2f4b1f01b10b711b1f96bb5) C:\WINDOWS\system32\DRIVERS\ifpusb.sys
2011/05/30 10:10:26.0671 4020 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 10:10:26.0921 4020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/30 10:10:27.0171 4020 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/30 10:10:27.0421 4020 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 10:10:27.0671 4020 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 10:10:27.0875 4020 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 10:10:28.0125 4020 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 10:10:28.0312 4020 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 10:10:28.0531 4020 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 10:10:28.0781 4020 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 10:10:29.0062 4020 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 10:10:29.0265 4020 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 10:10:29.0500 4020 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 10:10:30.0000 4020 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/05/30 10:10:30.0250 4020 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/05/30 10:10:30.0500 4020 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
2011/05/30 10:10:32.0265 4020 LVUVC (e89df2b88ee659954de79827ddf46dc9) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/05/30 10:10:32.0656 4020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 10:10:33.0046 4020 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 10:10:33.0343 4020 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/30 10:10:33.0718 4020 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 10:10:34.0062 4020 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 10:10:34.0546 4020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/30 10:10:34.0765 4020 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/05/30 10:10:35.0156 4020 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2011/05/30 10:10:35.0375 4020 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS
2011/05/30 10:10:35.0578 4020 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/05/30 10:10:36.0234 4020 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 10:10:36.0750 4020 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 10:10:37.0359 4020 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/05/30 10:10:37.0796 4020 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 10:10:38.0187 4020 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 10:10:38.0484 4020 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 10:10:38.0937 4020 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 10:10:39.0453 4020 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 10:10:39.0875 4020 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/30 10:10:40.0281 4020 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 10:10:40.0890 4020 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/30 10:10:41.0296 4020 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 10:10:41.0703 4020 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/30 10:10:42.0218 4020 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 10:10:42.0609 4020 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 10:10:43.0171 4020 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 10:10:43.0562 4020 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 10:10:44.0031 4020 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 10:10:44.0406 4020 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 10:10:44.0875 4020 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/30 10:10:45.0250 4020 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 10:10:45.0921 4020 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 10:10:46.0562 4020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 10:10:47.0296 4020 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/30 10:10:48.0250 4020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 10:10:48.0687 4020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 10:10:49.0328 4020 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/30 10:10:49.0734 4020 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/30 10:10:50.0234 4020 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/30 10:10:50.0609 4020 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/30 10:10:51.0171 4020 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 10:10:51.0718 4020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 10:10:52.0375 4020 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 10:10:53.0312 4020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 10:10:53.0640 4020 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/30 10:10:55.0546 4020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/30 10:10:56.0015 4020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/30 10:10:56.0390 4020 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 10:10:56.0750 4020 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/30 10:10:57.0359 4020 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 10:10:57.0906 4020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 10:10:58.0421 4020 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/05/30 10:10:58.0953 4020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/30 10:10:59.0359 4020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/30 10:10:59.0796 4020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/30 10:11:00.0328 4020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/30 10:11:00.0843 4020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/30 10:11:01.0359 4020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 10:11:01.0781 4020 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 10:11:02.0343 4020 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 10:11:02.0734 4020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 10:11:03.0265 4020 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 10:11:03.0640 4020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 10:11:04.0171 4020 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 10:11:04.0734 4020 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 10:11:05.0203 4020 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 10:11:05.0578 4020 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/30 10:11:06.0078 4020 SbcpHid (aaf28ab6effd8990bfe20398e92f101e) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/05/30 10:11:06.0500 4020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 10:11:06.0890 4020 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/30 10:11:07.0406 4020 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/30 10:11:07.0796 4020 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 10:11:08.0703 4020 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/30 10:11:09.0140 4020 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/30 10:11:09.0640 4020 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/30 10:11:10.0250 4020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/30 10:11:10.0781 4020 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 10:11:11.0390 4020 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 10:11:11.0843 4020 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 10:11:12.0406 4020 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/30 10:11:12.0906 4020 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/30 10:11:13.0515 4020 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/30 10:11:14.0015 4020 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 10:11:14.0468 4020 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 10:11:14.0890 4020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/30 10:11:15.0296 4020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/30 10:11:15.0578 4020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/30 10:11:16.0093 4020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/30 10:11:16.0500 4020 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 10:11:16.0968 4020 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 10:11:17.0343 4020 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 10:11:17.0687 4020 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 10:11:18.0234 4020 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 10:11:18.0625 4020 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/30 10:11:18.0921 4020 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/30 10:11:19.0343 4020 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/30 10:11:19.0750 4020 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/30 10:11:20.0390 4020 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/30 10:11:20.0781 4020 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/30 10:11:21.0390 4020 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/30 10:11:21.0859 4020 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/30 10:11:22.0265 4020 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/30 10:11:22.0703 4020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/30 10:11:23.0312 4020 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 10:11:23.0671 4020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/30 10:11:24.0109 4020 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 10:11:24.0515 4020 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/30 10:11:24.0953 4020 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/30 10:11:25.0718 4020 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 10:11:26.0125 4020 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 10:11:26.0453 4020 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 10:11:26.0796 4020 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 10:11:27.0437 4020 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 10:11:28.0046 4020 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 10:11:28.0531 4020 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 10:11:29.0093 4020 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/30 10:11:29.0562 4020 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 10:11:30.0031 4020 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/30 10:11:30.0406 4020 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/30 10:11:30.0921 4020 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 10:11:31.0390 4020 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 10:11:31.0734 4020 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/05/30 10:11:32.0578 4020 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 10:11:33.0078 4020 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/30 10:11:33.0484 4020 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/30 10:11:33.0984 4020 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/30 10:11:34.0500 4020 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/30 10:11:35.0062 4020 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/30 10:11:35.0593 4020 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/30 10:11:35.0671 4020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/30 10:11:37.0375 4020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
2011/05/30 10:11:37.0390 4020 ================================================================================
2011/05/30 10:11:37.0390 4020 Scan finished
2011/05/30 10:11:37.0390 4020 ================================================================================
2011/05/30 10:11:37.0406 0988 Detected object count: 0
2011/05/30 10:11:37.0406 0988 Actual detected object count: 0
  • 0

#13
Essexboy
Posted 30 May 2011 - 03:17 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now re-run combofix allowing it to update
  • 0

#14
sshaw66
Posted 30 May 2011 - 07:07 PM

sshaw66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you. Yes, I'll post the log below. I also was able to get SP3 downloaded. It was a permissions problem that I got fixed, so that is now up and running.


ComboFix 11-05-30.06 - Sam 05/30/2011 19:31:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.898 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
c:\documents and settings\Sam\Application Data\Adobe\plugs
c:\documents and settings\Sam\Application Data\Adobe\shed
c:\documents and settings\Sam\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Sam\My Documents\iexplore.exe
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003839_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003843_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003846_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003856_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003858_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003860_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003863_.tmp.dll
c:\windows\system32\_003864_.tmp.dll
c:\windows\system32\_003865_.tmp.dll
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003871_.tmp.dll
c:\windows\system32\_003872_.tmp.dll
c:\windows\system32\_003873_.tmp.dll
c:\windows\system32\_003874_.tmp.dll
c:\windows\system32\_003875_.tmp.dll
c:\windows\system32\_003876_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\_003879_.tmp.dll
c:\windows\system32\_003880_.tmp.dll
c:\windows\system32\_003881_.tmp.dll
c:\windows\system32\_003882_.tmp.dll
c:\windows\system32\_003883_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003888_.tmp.dll
c:\windows\system32\_003889_.tmp.dll
c:\windows\system32\_003893_.tmp.dll
c:\windows\system32\_003894_.tmp.dll
c:\windows\system32\_003896_.tmp.dll
c:\windows\system32\_003899_.tmp.dll
c:\windows\system32\_003901_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_003903_.tmp.dll
c:\windows\system32\_003904_.tmp.dll
c:\windows\system32\_003907_.tmp.dll
c:\windows\system32\_003908_.tmp.dll
c:\windows\system32\_003909_.tmp.dll
c:\windows\system32\_003910_.tmp.dll
c:\windows\system32\_003911_.tmp.dll
c:\windows\system32\_003916_.tmp.dll
c:\windows\system32\_003918_.tmp.dll
c:\windows\system32\_003919_.tmp.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-30 21:33 . 2011-05-30 21:33 -------- d-----w- c:\windows\LastGood
2011-05-30 05:53 . 2011-05-30 05:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-30 04:40 . 2011-05-30 04:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-30 04:36 . 2011-05-30 04:36 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Temp
2011-05-30 04:36 . 2011-05-30 04:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-30 04:35 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-30 04:35 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-30 04:35 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-30 04:35 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-30 04:35 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-30 04:35 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-30 04:35 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-30 04:35 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-30 04:34 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-30 04:34 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-30 04:34 . 2011-05-30 04:34 -------- d-----w- c:\program files\AVAST Software
2011-05-30 04:34 . 2011-05-30 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-30 01:52 . 2011-05-30 01:52 -------- d-----w- c:\documents and settings\Administrator.DD6JR341.001
2011-05-30 01:33 . 2011-05-30 01:33 0 ----a-w- c:\windows\Ydehejejif.bin
2011-05-30 01:33 . 2011-05-30 01:33 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\{9E7D371A-AC73-484F-81DE-A4E3AD55C483}
2011-05-30 01:31 . 2011-05-30 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\eB28258JhKoF28258
2011-05-29 20:15 . 2008-04-14 10:40 177152 ----a-w- c:\windows\system32\SETF9D.tmp
2011-05-29 20:14 . 2008-04-14 10:42 354304 ----a-w- c:\windows\system32\SETF6B.tmp
2011-05-29 20:14 . 2008-04-14 10:42 13824 ----a-w- c:\windows\system32\SETF67.tmp
2011-05-29 20:14 . 2008-04-14 10:42 80896 ----a-w- c:\windows\system32\SETF66.tmp
2011-05-29 20:14 . 2008-04-14 10:42 6656 ----a-w- c:\windows\system32\SETF63.tmp
2011-05-29 20:10 . 2008-04-14 10:41 56320 ----a-w- c:\windows\system32\SET451.tmp
2011-05-29 20:09 . 2008-04-14 10:42 57856 ----a-w- c:\windows\system32\SET202.tmp
2011-05-29 20:06 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003433_.tmp
2011-05-29 20:02 . 2009-12-14 07:08 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-05-29 19:02 . 2008-04-14 10:41 2113536 ----a-w- c:\windows\system32\SETEAA.tmp
2011-05-29 19:02 . 2008-04-14 10:40 177152 ----a-w- c:\windows\system32\SETE73.tmp
2011-05-29 19:02 . 2008-04-14 10:42 28672 ----a-w- c:\windows\system32\SETE46.tmp
2011-05-29 19:02 . 2008-04-14 10:42 354304 ----a-w- c:\windows\system32\SETE41.tmp
2011-05-29 19:02 . 2008-04-14 10:42 13824 ----a-w- c:\windows\system32\SETE3D.tmp
2011-05-29 19:02 . 2008-04-14 10:42 80896 ----a-w- c:\windows\system32\SETE3C.tmp
2011-05-29 19:02 . 2008-04-14 10:42 6656 ----a-w- c:\windows\system32\SETE39.tmp
2011-05-29 19:02 . 2008-04-14 10:42 121856 ----a-w- c:\windows\system32\SETE38.tmp
2011-05-29 18:57 . 2008-04-14 10:41 285184 ----a-w- c:\windows\system32\SET327.tmp
2011-05-29 18:56 . 2008-04-14 10:42 68096 ----a-w- c:\windows\system32\SET187.tmp
2011-05-29 18:54 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003426_.tmp
2011-05-29 18:49 . 2004-08-04 06:00 71040 ----a-w- c:\windows\system32\drivers\_003805_.tmp.dll
2011-05-29 13:42 . 2011-05-29 13:42 -------- dc----w- C:\_OTL
2011-05-29 13:17 . 2011-05-29 13:17 -------- dc----w- C:\_OTM
2011-05-29 07:30 . 2011-05-29 07:30 -------- d-----w- c:\documents and settings\Sam\Application Data\Malwarebytes
2011-05-29 07:30 . 2011-05-29 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-29 07:30 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:29 . 2011-05-29 07:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 07:28 . 2011-05-29 07:28 -------- d-----w- c:\documents and settings\My Documents
2011-05-29 06:21 . 2011-05-29 06:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-29 06:14 . 2011-05-29 06:18 -------- d-s---w- c:\documents and settings\Administrator.DD6JR341.000
2011-05-05 23:28 . 2011-05-05 23:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2011-05-30 53248]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2006-9-11 217088]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 10.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 10.lnk
backup=c:\windows\pss\Snagit 10.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Sam\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
2003-02-08 22:42 86102 ----a-w- c:\program files\Dell AIO Printer A940\dlbabmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 12:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2005-03-15 13:58 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-03-15 13:58 135168 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2004-11-09 15:32 393216 ----a-w- c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
1999-06-02 17:31 34816 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROBOTFTPSCHED]
2004-07-27 05:14 60928 ----a-w- c:\program files\FTPShell\botsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-04 13:11 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-14 02:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-13 04:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windstream_BCUC_McciTrayApp]
2010-05-01 00:36 1742336 ----a-w- c:\program files\Windstream_BCUC\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [5/29/2011 11:35 PM 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/29/2011 11:35 PM 307928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 6:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/29/2011 11:35 PM 19544]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 11:41 AM 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 11:45 AM 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 11:44 AM 484352]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [11/27/2010 5:01 PM 11520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2011 11:35 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-14 04:32]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 04:35]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: alltel.com\care
TCP: DhcpNameServer = 192.168.254.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\kw55vfvy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.live.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49455
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 19:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5312)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\vssvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-30 20:04:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-31 01:04
ComboFix2.txt 2011-05-29 16:02
.
Pre-Run: 20,735,762,432 bytes free
Post-Run: 20,776,210,432 bytes free
.
- - End Of File - - ED45319ADD915B4053198B809912A40E
  • 0

#15
Essexboy
Posted 31 May 2011 - 10:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A few pieces to go, there also appears to be a proxy set up in Firefox did you do that ?

On completion of this can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    2011-05-30 01:33 . 2011-05-30 01:33 0 ----a-w- c:\windows\Ydehejejif.bin
    2011-05-30 01:31 . 2011-05-30 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\eB28258JhKoF28258
    2011-05-29 20:15 . 2008-04-14 10:40 177152 ----a-w- c:\windows\system32\SETF9D.tmp
    2011-05-29 20:14 . 2008-04-14 10:42 354304 ----a-w- c:\windows\system32\SETF6B.tmp
    2011-05-29 20:14 . 2008-04-14 10:42 13824 ----a-w- c:\windows\system32\SETF67.tmp
    2011-05-29 20:14 . 2008-04-14 10:42 80896 ----a-w- c:\windows\system32\SETF66.tmp
    2011-05-29 20:14 . 2008-04-14 10:42 6656 ----a-w- c:\windows\system32\SETF63.tmp
    2011-05-29 20:10 . 2008-04-14 10:41 56320 ----a-w- c:\windows\system32\SET451.tmp
    2011-05-29 20:09 . 2008-04-14 10:42 57856 ----a-w- c:\windows\system32\SET202.tmp
    2011-05-29 20:06 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003433_.tmp
    2011-05-29 19:02 . 2008-04-14 10:41 2113536 ----a-w- c:\windows\system32\SETEAA.tmp
    2011-05-29 19:02 . 2008-04-14 10:40 177152 ----a-w- c:\windows\system32\SETE73.tmp
    2011-05-29 19:02 . 2008-04-14 10:42 28672 ----a-w- c:\windows\system32\SETE46.tmp
    2011-05-29 19:02 . 2008-04-14 10:42 354304 ----a-w- c:\windows\system32\SETE41.tmp
    2011-05-29 19:02 . 2008-04-14 10:42 13824 ----a-w- c:\windows\system32\SETE3D.tmp
    2011-05-29 19:02 . 2008-04-14 10:42 80896 ----a-w- c:\windows\system32\SETE3C.tmp
    2011-05-29 19:02 . 2008-04-14 10:42 6656 ----a-w- c:\windows\system32\SETE39.tmp
    2011-05-29 19:02 . 2008-04-14 10:42 121856 ----a-w- c:\windows\system32\SETE38.tmp
    2011-05-29 18:57 . 2008-04-14 10:41 285184 ----a-w- c:\windows\system32\SET327.tmp
    2011-05-29 18:56 . 2008-04-14 10:42 68096 ----a-w- c:\windows\system32\SET187.tmp
    2011-05-29 18:54 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003426_.tmp
    2011-05-29 18:49 . 2004-08-04 06:00 71040 ----a-w- c:\windows\system32\drivers\_003805_.tmp.dll

    :Files
    ipconfig /flushdns /c
    c:\documents and settings\All Users\Application Data\eB28258JhKoF28258

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP