Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SVCHOST.exe Virus? [Solved]

Started by mostsleek , Feb 04 2012 11:31 AM

  • This topic is locked This topic is locked

#1
mostsleek
Posted 04 February 2012 - 11:31 AM

mostsleek

    Member

  • Member
  • PipPip
  • 85 posts
The computer will boot up run fine for a few minutes...then SVCHOST goes crazy...takes all the CPU and eats up all the memory and continues to climb. I ran MBAM and it found and removed some Trojans. I ran Microsoft Virus finder tool and it found nothing. After attempting to boot into SAFE MODE(NO NETWORK) it first rebooted itself, then trying SAFE MODE again it froze. After rebooting normally it ran Check Disk and froze on the second check, index. If I restart with out running CHKDSK it boots up normal...then SVCHOST takes over.

Also there are few...and I mean very few Google redirects. I have not seen it happen but the user says it happens...

Task Manager: Posted Image

Thank you.

Here is the OTL:

OTL logfile created on: 2/4/2012 12:20:58 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bonnie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.24 Gb Available Physical Memory | 12.07% Memory free
3.79 Gb Paging File | 1.89 Gb Available in Paging File | 49.83% Paging File free
Paging file location(s): D:\pagefile.sys 1983 1983 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 16.47 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 0.00 Gb Free Space | 0.25% Space Free | Partition Type: NTFS
Drive E: | 42.60 Gb Total Space | 40.97 Gb Free Space | 96.17% Space Free | Partition Type: NTFS

Computer Name: MOM | User Name: Bonnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bonnie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3489.18178__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3489.18132__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3489.18159__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3489.18145__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3489.18067__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3489.18086__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3489.18140__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3489.18075__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3489.18122__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3489.18080__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3489.18109__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3489.18075__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3489.18094__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3489.18160__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3489.18094__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3489.18097__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3489.18127__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3489.18127__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3489.18096__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3489.18126__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3489.18111__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3489.18135__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3489.18111__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3489.18141__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3489.18076__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3489.18087__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3489.18106__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3489.18086__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3489.18120__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3489.18109__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3489.18090__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3489.18120__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3489.18121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3489.18123__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3489.18110__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3489.18110__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3489.18186__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3489.18167__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3489.18063__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3489.18148__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3489.18080__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3489.18154__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3489.18065__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3489.18152__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3489.18066__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3489.18071__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3489.18065__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3489.18064__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3489.18063__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3489.18153__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus® -- File not found
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)


[2005/04/30 17:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bonnie\Application Data\Mozilla\Firefox\Profiles\0npo8uga.default\extensions
[2005/04/30 17:29:50 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Bonnie\Application Data\Mozilla\Firefox\Profiles\0npo8uga.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/04/30 17:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/03/01 06:10:00 | 000,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/11/25 21:03:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35C2ED20-2082-469F-A309-E606B2623969}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bonnie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bonnie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/15 20:02:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 12:18:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe
[2012/02/02 19:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2012/02/02 19:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/01/31 20:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/30 00:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 00:30:14 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/30 00:29:41 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- E:\mbam-setup-1.60.0.1800.exe
[2012/01/26 21:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/26 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/23 19:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/23 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/23 19:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/16 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonnie\Local Settings\Application Data\msapidsc

========== Files - Modified Within 30 Days ==========

[2012/02/04 12:11:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe
[2012/02/04 12:06:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/04 11:01:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/04 11:00:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/04 10:46:46 | 000,000,007 | ---- | M] () -- E:\Bonnie.kdb.lock
[2012/02/02 22:34:28 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 00:29:45 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- E:\mbam-setup-1.60.0.1800.exe
[2012/01/30 00:25:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/01/25 20:52:59 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Bonnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk

========== Files Created - No Company Name ==========

[2012/01/30 00:30:15 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 19:05:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 12:27:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/20 12:27:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/20 12:27:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/20 12:27:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/20 12:27:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/12 17:32:04 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/12 17:10:46 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/06/07 12:53:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/06/07 12:53:43 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/07 12:53:42 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/07 12:53:41 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/07 12:53:41 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/11 11:56:37 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/03/09 10:18:05 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/09 10:18:05 | 000,002,550 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2005/12/28 23:11:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atlvv.dll
[2005/11/22 20:19:25 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Bonnie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/27 20:17:09 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/05/07 13:41:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/30 17:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/30 17:29:32 | 000,004,361 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/04/24 21:46:12 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/03/15 20:05:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/15 19:59:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/15 14:49:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/15 14:48:14 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/03 20:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 20:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 20:07:00 | 000,432,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 20:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 20:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 20:07:00 | 000,067,818 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 20:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 20:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 20:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 20:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 20:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 20:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/10/23 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/09/17 16:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/03/21 21:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2006/02/22 09:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/09 16:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/01/21 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/07/18 10:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Aim
[2011/11/24 20:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Big Fish Games
[2009/09/17 16:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Flood Light Games
[2009/09/09 19:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\MSNInstaller
[2009/09/09 16:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\PlayFirst
[2009/08/29 15:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Reflexivev1005
[2009/09/03 21:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\SpinTop Games
[2007/01/21 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Viewpoint

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 04 February 2012 - 11:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets have a quick check

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
mostsleek
Posted 04 February 2012 - 12:52 PM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Thank you for the quick reply.

AVAST asked to update, I said yes...thats why it took so long.

Here is the AVAST LOG:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 12:47:21
-----------------------------
12:47:21.140 OS Version: Windows 5.1.2600 Service Pack 3
12:47:21.140 Number of processors: 1 586 0xA00
12:47:21.140 ComputerName: MOM UserName:
12:47:22.671 Initialize success
13:13:13.750 AVAST engine defs: 12020401
13:35:49.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
13:35:49.875 Disk 0 Vendor: SAMSUNG_SP0802N TK200-04 Size: 76351MB BusType: 3
13:35:49.875 Device \Driver\atapi -> DriverStartIo 8a1fe2c6
13:35:49.875 Disk 0 MBR read successfully
13:35:49.890 Disk 0 MBR scan
13:35:49.937 Disk 0 MBR:Pihar-C [Rtk]
13:35:49.953 Disk 0 TDL4@MBR code has been found
13:35:49.953 Disk 0 Windows XP default MBR code found via API
13:35:49.953 Disk 0 MBR hidden
13:35:49.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30727 MB offset 63
13:35:49.953 Disk 0 Partition - 00 05 Extended 45618 MB offset 62929440
13:35:49.968 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2000 MB offset 62929503
13:35:49.968 Disk 0 Partition - 00 05 Extended 43617 MB offset 67026960
13:35:50.500 Disk 0 MBR [TDL4] **ROOTKIT**
13:35:50.500 Disk 0 trace - called modules:
13:35:50.515 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1fe49f]<<
13:35:50.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a634ab8]
13:35:50.515 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000005b[0x8a6a79e8]
13:35:50.515 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a67fd98]
13:35:50.515 \Driver\atapi[0x8a2ad218] -> IRP_MJ_CREATE -> 0x8a1fe49f
13:35:51.406 AVAST engine scan C:\WINDOWS
13:36:09.531 AVAST engine scan C:\WINDOWS\system32
13:38:24.265 AVAST engine scan C:\WINDOWS\system32\drivers
13:38:37.531 AVAST engine scan C:\Documents and Settings\Bonnie
13:41:57.796 AVAST engine scan C:\Documents and Settings\All Users
13:42:06.937 Scan finished successfully
13:50:09.484 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
13:50:09.515 The log file has been saved successfully to "F:\aswMBR.txt"
  • 0

#4
Essexboy
Posted 04 February 2012 - 02:16 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No that was good as it has found the culprit

Re-Run aswMBR

Click Scan

On completion of the scanClick the Fix Button


Posted Image


Save the log as before and post in your next reply
  • 0

#5
mostsleek
Posted 04 February 2012 - 04:28 PM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
AVAST did it thing and said to reboot. I saved the log and am in the process of rebooting. It is still doing/asking the check disk. I did not allow it to run since the last time it did it froze at step 2, indexing.

Here is the AVASTFIX LOG:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 15:42:14
-----------------------------
15:42:14.437 OS Version: Windows 5.1.2600 Service Pack 3
15:42:14.437 Number of processors: 1 586 0xA00
15:42:14.437 ComputerName: MOM UserName:
15:42:18.796 Initialize success
15:42:39.078 AVAST engine defs: 12020401
15:42:49.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
15:42:49.203 Disk 0 Vendor: SAMSUNG_SP0802N TK200-04 Size: 76351MB BusType: 3
15:42:49.203 Device \Driver\atapi -> DriverStartIo 8a2f92c6
15:42:49.250 Disk 0 MBR read successfully
15:42:49.250 Disk 0 MBR scan
15:42:49.390 Disk 0 MBR:Pihar-C [Rtk]
15:42:49.390 Disk 0 TDL4@MBR code has been found
15:42:49.390 Disk 0 Windows XP default MBR code found via API
15:42:49.390 Disk 0 MBR hidden
15:42:49.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30727 MB offset 63
15:42:49.453 Disk 0 Partition - 00 05 Extended 45618 MB offset 62929440
15:42:49.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2000 MB offset 62929503
15:42:49.484 Disk 0 Partition - 00 05 Extended 43617 MB offset 67026960
15:42:49.953 Disk 0 MBR [TDL4] **ROOTKIT**
15:42:49.953 Disk 0 trace - called modules:
15:42:49.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a2f949f]<<
15:42:49.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a634ab8]
15:42:49.968 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000005b[0x8a6a79e8]
15:42:49.968 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a67fd98]
15:42:49.968 \Driver\atapi[0x8a3aaca8] -> IRP_MJ_CREATE -> 0x8a2f949f
15:42:53.171 AVAST engine scan C:\WINDOWS
15:43:54.968 AVAST engine scan C:\WINDOWS\system32
15:46:53.390 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:06.890 AVAST engine scan C:\Documents and Settings\Bonnie
15:50:12.343 AVAST engine scan C:\Documents and Settings\All Users
15:50:21.359 Scan finished successfully
17:22:20.468 Disk 0 MBR read successfully
17:22:20.484 Disk 0 MBR:Pihar-C [Rtk]
17:22:20.484 Disk 0 TDL4@MBR code has been found
17:22:20.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30727 MB offset 63
17:22:20.484 Disk 0 Partition - 00 05 Extended 45618 MB offset 62929440
17:22:20.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2000 MB offset 62929503
17:22:20.515 Disk 0 Partition - 00 05 Extended 43617 MB offset 67026960
17:22:20.531 Disk 0 fixing MBR ...
17:22:20.531 Disk 0 MBR restored successfully
17:22:20.531 Verifying disinfection
17:22:32.546 Infection fixed successfully - please reboot ASAP
17:24:26.546 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:24:26.734 The log file has been saved successfully to "F:\aswMBRFIX.txt"
  • 0

#6
Essexboy
Posted 04 February 2012 - 04:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this happen every time you boot ?

if so then do the following and let me know what is says

click Start> Run>
Type CMD
In the box that opens type
fsutil dirty query C:
  • 0

#7
mostsleek
Posted 04 February 2012 - 04:49 PM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Since trying to do a safe boot to run MBAM. It froze during the safe boot and since then it has been doing/asking on every start up.

It said that C: it is dirty. Should I let check disk run? How long should/does it normally take, step one took less then a minute then step two, indexing just sat there at "0" for about 5-8 minutes before I did a hard restart.


EDIT:
The internet is running super slow. Even after the fixes that have been performed. For example I ran the Avast on my PC and the updater was moving around 600kbs, the infected one was only around 50kbs. We both use the same ISP and router. The only difference I use FireFox and the other IE8.

Edited by mostsleek, 04 February 2012 - 10:09 PM.

  • 0

#8
Essexboy
Posted 05 February 2012 - 04:13 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes allow the checkdisc to complete, you probably have some corrupted files from where you hard booted.. It may take up to an hour
  • 0

#9
mostsleek
Posted 05 February 2012 - 11:36 AM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
OK Check Disk ran. It did not take as long to get moving, as the first time it was froze at 0%.

As for the state of the computer, Internet Explorer is still running slow. I am not as familiar with IE since I use FireFox. I asked her how it was running. She said that the computer overall seemed to be loading faster from start up and opening programs. Loading her homepage, Yahoo, was normal. Going to tvguide.com froze IE and caused it to have an illegal operation and had to be shut down with the Task Manager. In my opinion her IE was running slow. Even just opening IE loading the home page and then closing IE normally will cause it to freeze, or it will close but the IE is still "open" in the Windows Task Bar, or it will close normally.

It might be a hardware issue. Before I suspected a virus I ran MEMTEST86 to make sure her memory was fine, and it was. I did not run any HDD tests, however, I suspect it should be fine. I should check to see if there have been any driver updates for her video card since that was an add on I did a few years ago.
  • 0

#10
Essexboy
Posted 05 February 2012 - 11:50 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now run a final scan with OTL and I feel that when I empty the temp files the IE problems will improve

Run OTL and select all users then press the scan button

There will be just one log
  • 0

Advertisements

#11
mostsleek
Posted 05 February 2012 - 12:07 PM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
The computer seems to be running better. Before I ran OTL, she was using the computer, IE just browsing the web and she said that it was running normal. She said that before usually with in 5-10 minutes of using IE it would crash or freeze up. That is not the case now.

Here is the OTL LOG:

OTL logfile created on: 2/5/2012 1:00:16 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bonnie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.57% Memory free
3.79 Gb Paging File | 3.49 Gb Available in Paging File | 92.19% Paging File free
Paging file location(s): D:\pagefile.sys 1983 1983 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 16.71 Gb Free Space | 55.70% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 0.00 Gb Free Space | 0.25% Space Free | Partition Type: NTFS
Drive E: | 42.60 Gb Total Space | 40.97 Gb Free Space | 96.17% Space Free | Partition Type: NTFS

Computer Name: MOM | User Name: Bonnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bonnie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3489.18178__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3489.18132__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3489.18159__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3489.18145__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3489.18067__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3489.18086__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3489.18140__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3489.18075__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3489.18122__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3489.18080__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3489.18109__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3489.18075__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3489.18094__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3489.18160__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3489.18094__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3489.18097__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3489.18127__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3489.18127__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3489.18096__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3489.18126__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3489.18111__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3489.18135__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3489.18111__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3489.18141__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3489.18076__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3489.18087__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3489.18106__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3489.18086__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3489.18120__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3489.18109__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3489.18090__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3489.18120__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3489.18121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3489.18123__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3489.18110__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3489.18110__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3489.18186__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3489.18167__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3489.18063__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3489.18148__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3489.18080__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3489.18154__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3489.18065__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3489.18152__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3489.18066__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3489.18071__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3489.18065__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3489.18064__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3489.18063__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3489.18153__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus® -- File not found
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-796845957-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)


[2005/04/30 17:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bonnie\Application Data\Mozilla\Firefox\Profiles\0npo8uga.default\extensions
[2005/04/30 17:29:50 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Bonnie\Application Data\Mozilla\Firefox\Profiles\0npo8uga.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/04/30 17:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/03/01 06:10:00 | 000,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/11/25 21:03:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-796845957-1214440339-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1214440339-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35C2ED20-2082-469F-A309-E606B2623969}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bonnie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bonnie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/15 20:02:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 12:47:13 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bonnie\Desktop\aswMBR.exe
[2012/02/04 12:18:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe
[2012/02/04 10:43:59 | 014,475,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bonnie\Desktop\windows-kb890830-v4.4.exe
[2012/02/02 19:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2012/02/02 19:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/01/31 20:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/30 00:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 00:30:14 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/30 00:29:41 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- E:\mbam-setup-1.60.0.1800.exe
[2012/01/26 21:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/26 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/23 19:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/23 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/23 19:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/16 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonnie\Local Settings\Application Data\msapidsc

========== Files - Modified Within 30 Days ==========

[2012/02/05 13:02:42 | 000,000,007 | ---- | M] () -- E:\Bonnie.kdb.lock
[2012/02/05 09:26:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 09:25:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/04 17:25:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/04 12:45:24 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bonnie\Desktop\aswMBR.exe
[2012/02/04 12:11:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe
[2012/02/04 10:42:20 | 014,475,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bonnie\Desktop\windows-kb890830-v4.4.exe
[2012/02/02 22:34:28 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 00:29:45 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- E:\mbam-setup-1.60.0.1800.exe
[2012/01/30 00:25:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/01/25 20:52:59 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Bonnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk

========== Files Created - No Company Name ==========

[2012/01/30 00:30:15 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 19:05:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 12:27:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/20 12:27:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/20 12:27:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/20 12:27:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/20 12:27:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/12 17:32:04 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/12 17:10:46 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/06/07 12:53:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/06/07 12:53:43 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/07 12:53:42 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/07 12:53:41 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/07 12:53:41 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/11 11:56:37 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/03/09 10:18:05 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/09 10:18:05 | 000,002,550 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2005/12/28 23:11:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atlvv.dll
[2005/11/22 20:19:25 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Bonnie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/27 20:17:09 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/05/07 13:41:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/30 17:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/30 17:29:32 | 000,004,361 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/04/24 21:46:12 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/03/15 20:05:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/15 19:59:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/15 14:49:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/15 14:48:14 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/03 20:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 20:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 20:07:00 | 000,432,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 20:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 20:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 20:07:00 | 000,067,818 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 20:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 20:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 20:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 20:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 20:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 20:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >
  • 0

#12
Essexboy
Posted 05 February 2012 - 04:41 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What antivirus are you running ? As I can see no indication of one.. If you wish I can link you to two or three free ones

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#13
mostsleek
Posted 05 February 2012 - 06:41 PM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hold up... :(

The PC has been running fine. I went to perform the last step and closed the open IE...it crashed. I think it has something to do with the tvguide.com site since that was up while I closed IE. Then the "do you want to send..." thing popped up for IE and DrWatson Postmortem Debugger "do you want to send..."

What is Dr Watson?

Posted Image
  • 0

#14
Essexboy
Posted 06 February 2012 - 12:52 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is the Microsoft debugging programme and to be honest is usually more trouble than it is worth

Dr. Watson for Windows is a program error debugger

The information obtained and logged by Dr. Watson is the information needed by technical support groups to diagnose a program error for a computer running Windows. A text file (Drwtsn32.log) is created whenever an error is detected, and can be delivered to support personnel by the method they prefer. You also have the option of creating a crash dump file, which is a binary file that a programmer can load into a debugger.



MS has realised this and prepared a small fixit to disable the programme
Go to this page and run the fixit button entitled "Disable Drwatson"

It was proably caused as you suspected
XP is prone to this
  • 0

#15
mostsleek
Posted 06 February 2012 - 05:50 PM

mostsleek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Thank you.

Other then that it has been running good for the past 24 hours.

Thank you. Fight on.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP