Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problem With A Google Redirect in Firefox [Closed]


  • This topic is locked This topic is locked

#1
mcw5044

mcw5044

    Member

  • Member
  • PipPip
  • 10 posts
A few days ago, I came down with a virus that downloaded AV Security Suite to my computer. I managed to remove it, but am still having problems with Google redirects. Whenever I type in a search term, the results page shows up as normal, but clicking the links sometime redirect me to some random shady site. I have done several scans with my Anti-Virus (Webroot Anti-Virus with SpySweeper) that have not detected any remaining viruses, and scans with Malwarebytes' Anti-Malware have come up empty. Also, I get periodic messages from my Anti-Virus that say it has blocked access to a website usually consisting of a random string of numbers and letters (in the past, I have gotten "CLKH71YHK566.com" and "Z0G7YA1IO.com". Is there something else I need to do to remove all remaining traces of this infection. I have provided my HijackThis, Malwarebytes' Anti-Malware, OTL, and GMER logs.


HijackThis:

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RUNFBI] "c:\windows\regedit.exe" -s c:\appl.zip\wxpetool\fpp_xp.reg
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\CHDAudPropShortcut.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1ca8f58bb18dec6) (gupdate1ca8f58bb18dec6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9634 bytes


Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 2

6/27/2010 9:58:39 AM
mbam-log-2010-06-27 (09-58-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 258506
Time elapsed: 1 hour(s), 18 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements


#2
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And the rest:


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-27 18:33:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\uwtcqfoc.sys


---- System - GMER 1.0.15 ----

SSDT 8A52BB70 ZwAllocateVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF723EE52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF721FCDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF721FED0]
SSDT 8A52BE40 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF723F640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF723F8F4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF723DB44]
SSDT 8A52BBE8 ZwQueueApcThread
SSDT 8A52BA80 ZwReadVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF723FD60]
SSDT 8A52BCD8 ZwSetContextThread
SSDT 8A44C330 ZwSetInformationKey
SSDT 8A52BF30 ZwSetInformationProcess
SSDT 8A52BD50 ZwSetInformationThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF723F112]
SSDT 8A52BEB8 ZwSuspendProcess
SSDT 8A52BC60 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF721F984]
SSDT 8A52BDC8 ZwTerminateThread
SSDT 8A52BAF8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C84 805044F0 5 Bytes [DE, FC, 21, F7, D0]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C8A 805044F6 2 Bytes [21, F7] {AND EDI, ESI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2E98 80504704 4 Bytes CALL 3CDA99C4
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF52BC360, 0x33AACD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[728] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[992] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10450501 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008E000A
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008F000A
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008D000C
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 0126000A
.text C:\WINDOWS\System32\svchost.exe[1208] ole32.dll!CoCreateInstance 7750055E 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A1000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AF000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A0000C
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2656] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2656] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2656] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2656] kernel32.dll!VirtualFree 7C809AF4 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Mozilla Firefox\firefox.exe[4052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0102000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4052] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0103000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4052] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0101000C
.text C:\WINDOWS\system32\wuauclt.exe[4080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\wuauclt.exe[4080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\wuauclt.exe[4080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AB000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip 89F2F3D0
Device \Driver\Tcpip \Device\Ip 8A1F2950
Device \Driver\Tcpip \Device\Ip 898D76F8
Device \Driver\Tcpip \Device\Ip 89C378A8
Device \Driver\Tcpip \Device\Ip 89BD40C8
Device \Driver\Tcpip \Device\Ip 89ED60C8
Device \Driver\Tcpip \Device\Ip 894AC6E0
Device \Driver\Tcpip \Device\Ip 89966818
Device \Driver\Tcpip \Device\Ip 8A39FA80
Device \Driver\Tcpip \Device\Ip 8A445490
Device \Driver\Tcpip \Device\Ip 8A557840

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\Tcpip \Device\Tcp 89F2F3D0
Device \Driver\Tcpip \Device\Tcp 8A1F2950
Device \Driver\Tcpip \Device\Tcp 898D76F8
Device \Driver\Tcpip \Device\Tcp 89C378A8
Device \Driver\Tcpip \Device\Tcp 89BD40C8
Device \Driver\Tcpip \Device\Tcp 89ED60C8
Device \Driver\Tcpip \Device\Tcp 894AC6E0
Device \Driver\Tcpip \Device\Tcp 89966818
Device \Driver\Tcpip \Device\Tcp 8A39FA80
Device \Driver\Tcpip \Device\Tcp 8A445490
Device \Driver\Tcpip \Device\Tcp 8A557840
Device \Driver\Tcpip \Device\Udp 89F2F3D0
Device \Driver\Tcpip \Device\Udp 8A1F2950
Device \Driver\Tcpip \Device\Udp 898D76F8
Device \Driver\Tcpip \Device\Udp 89C378A8
Device \Driver\Tcpip \Device\Udp 89BD40C8
Device \Driver\Tcpip \Device\Udp 89ED60C8
Device \Driver\Tcpip \Device\Udp 894AC6E0
Device \Driver\Tcpip \Device\Udp 89966818
Device \Driver\Tcpip \Device\Udp 8A39FA80
Device \Driver\Tcpip \Device\Udp 8A445490
Device \Driver\Tcpip \Device\Udp 8A557840
Device \Driver\Tcpip \Device\RawIp 89F2F3D0
Device \Driver\Tcpip \Device\RawIp 8A1F2950
Device \Driver\Tcpip \Device\RawIp 898D76F8
Device \Driver\Tcpip \Device\RawIp 89C378A8
Device \Driver\Tcpip \Device\RawIp 89BD40C8
Device \Driver\Tcpip \Device\RawIp 89ED60C8
Device \Driver\Tcpip \Device\RawIp 894AC6E0
Device \Driver\Tcpip \Device\RawIp 89966818
Device \Driver\Tcpip \Device\RawIp 8A39FA80
Device \Driver\Tcpip \Device\RawIp 8A445490
Device \Driver\Tcpip \Device\RawIp 8A557840
Device \Driver\Tcpip \Device\IPMULTICAST 89F2F3D0
Device \Driver\Tcpip \Device\IPMULTICAST 8A1F2950
Device \Driver\Tcpip \Device\IPMULTICAST 898D76F8
Device \Driver\Tcpip \Device\IPMULTICAST 89C378A8
Device \Driver\Tcpip \Device\IPMULTICAST 89BD40C8
Device \Driver\Tcpip \Device\IPMULTICAST 89ED60C8
Device \Driver\Tcpip \Device\IPMULTICAST 894AC6E0
Device \Driver\Tcpip \Device\IPMULTICAST 89966818
Device \Driver\Tcpip \Device\IPMULTICAST 8A39FA80
Device \Driver\Tcpip \Device\IPMULTICAST 8A445490
Device \Driver\Tcpip \Device\IPMULTICAST 8A557840
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes

---- EOF - GMER 1.0.15 ----
  • 0

#3
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The OTL Files:

OTL logfile created on: 6/27/2010 6:44:40 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Matthew Woodward\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 51.92 Gb Free Space | 46.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0548C161E1
Current User Name: Matthew Woodward
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 14:32:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe
PRC - [2010/06/14 08:16:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/14 08:16:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/23 18:00:24 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/07 01:20:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/03/30 16:18:40 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2006/03/30 16:18:32 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/12/24 07:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/08/11 19:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/08/05 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 14:32:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe
MOD - [2010/01/07 01:21:29 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2004/08/05 00:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/05 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/03/19 14:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 22:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/23 18:00:24 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/03/30 16:18:40 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/01/30 10:12:00 | 006,250,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/05/10 14:27:00 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/10 02:02:00 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/04/28 20:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/20 04:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 04:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 04:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/17 23:29:00 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/04/01 07:41:40 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/03/06 02:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 03:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 03:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 03:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 07:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 05:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 04:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/13 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/01/07 20:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 17:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 17:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 08:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/26 14:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/26 13:59:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/12/24 23:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/25 11:10:21 | 000,000,000 | ---D | M]

[2010/06/26 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Mozilla\Extensions
[2010/06/26 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Mozilla\Firefox\Profiles\wgx05n7v.default\extensions
[2010/06/27 18:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 22:27:05 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

O1 HOSTS File: ([2010/03/23 18:05:26 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Matthew Woodward\Start Menu\Programs\StartUp\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Matthew Woodward\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (EM) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d8f687df-c1b6-11de-a036-001b2436a58f}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f687df-c1b6-11de-a036-001b2436a58f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8f687df-c1b6-11de-a036-001b2436a58f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ef578187-c100-11de-9cf5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ef578187-c100-11de-9cf5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef578187-c100-11de-9cf5-806d6172696f}\Shell\AutoRun\command - "" = D:\install.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/24 20:52:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/27 14:32:42 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe
[2010/06/27 13:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/26 19:20:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/26 19:20:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/26 19:20:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/26 19:20:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/26 19:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/26 19:20:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/06/26 18:22:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/26 18:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/06/26 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
[2010/06/26 14:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Woodward\Application Data\Mozilla
[2010/06/26 13:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Woodward\Desktop\GooredFix Backups
[2010/06/25 23:39:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew Woodward\Recent
[2010/06/25 23:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/25 11:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/06/25 00:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\ibspyxwrb
[2010/06/08 20:02:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/08 20:02:26 | 000,000,000 | ---D | C] -- C:\CanonMP
[2010/05/24 21:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\SC4PIM
[2010/05/19 17:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/05/19 12:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Simulator Configuration Tool
[2010/05/14 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ilives
[2010/04/05 01:11:33 | 000,000,000 | ---D | C] -- C:\gmax

========== Files - Modified Within 90 Days ==========

[2010/06/27 18:37:43 | 000,000,313 | ---- | M] () -- C:\hpqp.ini
[2010/06/27 18:37:04 | 000,194,401 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/27 18:36:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/27 18:36:58 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/06/27 18:36:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/27 18:36:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/27 18:36:47 | 2146,021,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 17:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/27 14:35:45 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Matthew Woodward\NTUSER.DAT
[2010/06/27 14:34:50 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/06/27 14:32:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe
[2010/06/27 13:31:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\NTREGOPT.lnk
[2010/06/27 13:31:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ERUNT.lnk
[2010/06/27 10:01:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\housecall.guid.cache
[2010/06/27 02:45:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Matthew Woodward\ntuser.ini
[2010/06/26 18:20:55 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - Matthew Woodward.job
[2010/06/26 18:20:44 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Frontline Registry Cleaner.lnk
[2010/06/26 16:36:20 | 002,113,338 | -H-- | M] () -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\IconCache.db
[2010/06/26 13:59:56 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/26 13:59:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 13:40:15 | 003,720,968 | R--- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ComboFix.exe
[2010/06/25 23:36:55 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\CCleaner.lnk
[2010/06/25 19:32:21 | 000,001,668 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LDAA7929206F64476A2EB2573BA30A081.job
[2010/06/25 11:10:22 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/25 00:27:48 | 000,439,352 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 00:27:48 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 00:27:48 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:42:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/16 00:56:46 | 000,011,887 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Personal Essay.docx
[2010/06/15 19:41:58 | 000,170,701 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\W-4 Form.pdf
[2010/06/09 18:48:07 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/09 08:42:00 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 02:07:50 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/07 22:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/07 20:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/05/26 23:06:02 | 000,010,695 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\ThankYou.docx
[2010/05/19 12:57:22 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Traffic Simulator Configuration Tool.lnk
[2010/05/17 16:09:20 | 000,017,245 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Transcript.docx
[2010/05/15 19:45:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/04 21:59:59 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Emerson Application.doc
[2010/04/30 03:20:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/14 02:00:40 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\LotEditor.exe.lnk
[2010/04/05 01:11:58 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 Plug-in Manager.lnk
[2010/04/05 01:11:58 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 B.A.T..lnk
[2010/04/05 01:11:44 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\gmax.lnk
[2010/04/03 01:26:26 | 000,064,040 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2010/06/27 13:33:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\gmer.exe
[2010/06/27 13:31:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\NTREGOPT.lnk
[2010/06/27 13:31:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ERUNT.lnk
[2010/06/27 10:01:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\housecall.guid.cache
[2010/06/26 19:20:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/26 19:20:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/26 19:20:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/26 19:20:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/26 19:20:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/26 18:20:54 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - Matthew Woodward.job
[2010/06/26 18:20:44 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Frontline Registry Cleaner.lnk
[2010/06/26 13:59:56 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/26 13:59:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 13:40:13 | 003,720,968 | R--- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ComboFix.exe
[2010/06/25 23:36:55 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\CCleaner.lnk
[2010/06/25 11:10:22 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/15 19:41:58 | 000,170,701 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\W-4 Form.pdf
[2010/06/12 20:52:52 | 000,011,887 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Personal Essay.docx
[2010/06/08 20:02:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2010/05/26 23:06:01 | 000,010,695 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\ThankYou.docx
[2010/05/19 12:57:22 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Traffic Simulator Configuration Tool.lnk
[2010/05/17 16:09:19 | 000,017,245 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Transcript.docx
[2010/05/14 19:44:52 | 000,994,582 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Ilives Reader 093.exe
[2010/05/04 21:59:59 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Emerson Application.doc
[2010/04/05 01:11:58 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 Plug-in Manager.lnk
[2010/04/05 01:11:58 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 B.A.T..lnk
[2010/04/05 01:11:44 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\gmax.lnk
[2010/01/07 01:22:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/25 21:06:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/11/25 21:06:41 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/10/31 00:32:34 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/10/29 20:59:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/24 22:46:48 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/24 22:42:11 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2009/10/24 22:30:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/24 22:25:34 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/10 17:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 16:46:02 | 000,000,728 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 16:42:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/26 22:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/26 22:48:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/26 22:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/26 22:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/02 21:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 05:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/25 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/25 19:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/06/08 20:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/22 19:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/06/26 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2009/12/18 08:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/06/27 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/24 23:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/25 19:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\acccore
[2009/10/25 22:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Deckadance
[2009/11/22 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Final Draft
[2009/12/18 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\muvee Technologies
[2009/11/01 18:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\OpenOffice.org
[2010/02/11 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Sawer
[2010/06/26 18:20:55 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\FrontLine Registry Cleaner Scheduled Scan - Matthew Woodward.job
[2010/06/25 19:32:21 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LDAA7929206F64476A2EB2573BA30A081.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/10/24 22:59:38 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[1999/04/13 15:12:26 | 000,000,512 | ---- | M] () -- C:\Boot32.w2k
[1999/04/07 18:34:04 | 000,001,536 | ---- | M] () -- C:\BOOTSEC.32
[2009/10/24 20:50:57 | 000,019,926 | ---- | M] () -- C:\CSPU.DAT
[2009/10/24 23:03:25 | 000,002,622 | ---- | M] () -- C:\CTOERROR.FLG
[2010/06/27 18:36:47 | 2146,021,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 18:37:43 | 000,000,313 | ---- | M] () -- C:\hpqp.ini
[2009/10/25 19:03:20 | 000,000,459 | -H-- | M] () -- C:\IPH.PH
[2004/08/05 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2002/08/29 23:00:00 | 000,047,580 | ---- | M] () -- C:\ntdetect.wpe
[2004/08/05 00:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/27 18:36:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/06/12 11:20:55 | 000,000,688 | ---- | M] () -- C:\pcanet.ini
[2002/08/29 23:00:00 | 000,245,920 | ---- | M] () -- C:\wpeldr
[2010/06/27 18:36:58 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/08/26 12:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7L.DLL
[2005/08/26 12:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7L.DLL
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/10 09:15:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/10 09:15:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\user32.dll /md5 >
[2004/08/05 00:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/05 00:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Attached Files


Edited by Essexboy, 28 June 2010 - 01:57 PM.

  • 0

#4
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi mcw5044,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

  • 0

#5
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran TDSSkiller, and here is the resulting log. It told me to reboot to finish the process, should I go ahead and do that?

18:33:28:265 0472 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
18:33:28:265 0472 ================================================================================
18:33:28:265 0472 SystemInfo:

18:33:28:265 0472 OS Version: 5.1.2600 ServicePack: 2.0
18:33:28:265 0472 Product type: Workstation
18:33:28:281 0472 ComputerName: YOUR-0548C161E1
18:33:28:281 0472 UserName: Matthew Woodward
18:33:28:281 0472 Windows directory: C:\WINDOWS
18:33:28:281 0472 Processor architecture: Intel x86
18:33:28:281 0472 Number of processors: 2
18:33:28:281 0472 Page size: 0x1000
18:33:28:281 0472 Boot type: Normal boot
18:33:28:281 0472 ================================================================================
18:33:28:703 0472 Initialize success
18:33:28:703 0472
18:33:28:703 0472 Scanning Services ...
18:33:28:765 0472 Raw services enum returned 349 services
18:33:28:765 0472
18:33:28:765 0472 Scanning Drivers ...
18:33:29:500 0472 5U870CAP_VID_1262&PID_25FD (b978ac7198fc16f94e50cfaecb4aa453) C:\WINDOWS\system32\Drivers\5U870CAP.sys
18:33:29:578 0472 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:33:29:640 0472 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:33:29:656 0472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:33:29:671 0472 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:33:29:906 0472 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
18:33:30:000 0472 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
18:33:30:062 0472 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:33:30:078 0472 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:33:30:093 0472 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:33:30:109 0472 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:33:30:156 0472 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:33:30:234 0472 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:33:30:296 0472 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:33:30:312 0472 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:33:30:375 0472 AmdK8 (ff8562f78b45a811c1ee23431622d4cc) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:33:30:390 0472 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:33:30:406 0472 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:33:30:421 0472 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:33:30:437 0472 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:33:30:453 0472 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:33:30:484 0472 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:33:30:500 0472 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:33:30:531 0472 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:33:30:578 0472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:33:30:671 0472 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:33:30:843 0472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:33:30:921 0472 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:33:30:937 0472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:33:30:968 0472 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:33:30:984 0472 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:33:31:000 0472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:33:31:015 0472 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
18:33:31:046 0472 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:33:31:078 0472 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:33:31:093 0472 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:33:31:109 0472 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:33:31:125 0472 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:33:31:156 0472 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:33:31:187 0472 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:33:31:234 0472 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
18:33:31:312 0472 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
18:33:31:375 0472 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
18:33:31:546 0472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:33:31:656 0472 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
18:33:31:703 0472 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:33:31:750 0472 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
18:33:31:859 0472 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
18:33:32:000 0472 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
18:33:32:203 0472 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
18:33:32:281 0472 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
18:33:32:312 0472 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
18:33:32:328 0472 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:33:32:375 0472 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:33:32:390 0472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:33:32:421 0472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:33:32:484 0472 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:33:32:515 0472 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:33:32:578 0472 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
18:33:32:625 0472 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
18:33:32:750 0472 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:33:32:843 0472 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:33:32:906 0472 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:33:32:968 0472 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:33:33:000 0472 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:33:33:062 0472 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:33:33:125 0472 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:33:33:281 0472 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:33:33:421 0472 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
18:33:33:500 0472 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:33:33:546 0472 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:33:33:578 0472 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:33:33:671 0472 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:33:33:812 0472 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:33:33:859 0472 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:33:33:890 0472 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:33:33:937 0472 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:33:34:046 0472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:33:34:109 0472 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:33:34:156 0472 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:33:34:218 0472 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:33:34:359 0472 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:33:34:421 0472 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:33:34:515 0472 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:33:34:593 0472 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:33:34:640 0472 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
18:33:34:703 0472 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
18:33:34:812 0472 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
18:33:34:859 0472 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:33:34:906 0472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:33:35:046 0472 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
18:33:35:062 0472 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:33:35:125 0472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:33:35:171 0472 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
18:33:35:203 0472 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:33:35:218 0472 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:33:35:312 0472 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:33:35:375 0472 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
18:33:35:406 0472 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:33:35:484 0472 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:33:35:546 0472 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
18:33:35:656 0472 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:33:35:687 0472 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
18:33:35:703 0472 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
18:33:35:718 0472 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:33:35:796 0472 NDIS (aa898f84d2b59129fb92e143a2c73434) C:\WINDOWS\system32\drivers\NDIS.sys
18:33:35:859 0472 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:33:35:906 0472 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:33:35:937 0472 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:33:35:984 0472 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:33:36:000 0472 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
18:33:36:031 0472 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:33:36:125 0472 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:33:36:281 0472 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:33:36:359 0472 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
18:33:36:421 0472 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
18:33:36:468 0472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:33:36:875 0472 nv (d42fb8615e810901779294f5627364fe) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:33:37:359 0472 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
18:33:37:390 0472 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:33:37:468 0472 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:33:37:484 0472 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
18:33:37:531 0472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:33:37:640 0472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:33:37:718 0472 ohci1394 (197ddf60b254a84d8656850397b5f923) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:33:37:765 0472 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
18:33:37:796 0472 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
18:33:37:812 0472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:33:37:828 0472 PCI (ddb343fab2ad7bab9e805d9c0648576b) C:\WINDOWS\system32\DRIVERS\pci.sys
18:33:37:828 0472 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: ddb343fab2ad7bab9e805d9c0648576b, Fake md5: 8086d9979234b603ad5bc2f5d890b234
18:33:37:828 0472 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ... 18:33:39:390 0472 Backup copy found, using it..
18:33:39:796 0472 will be cured on next reboot
18:33:39:937 0472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:33:39:968 0472 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:33:40:015 0472 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys
18:33:40:093 0472 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:33:40:093 0472 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:33:40:125 0472 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:33:40:203 0472 Processor (9e372a156f92425a1904b84589093a37) C:\WINDOWS\system32\DRIVERS\processr.sys
18:33:40:203 0472 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
18:33:40:218 0472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:33:40:250 0472 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:33:40:265 0472 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:33:40:281 0472 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:33:40:281 0472 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:33:40:312 0472 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:33:40:312 0472 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:33:40:359 0472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:33:40:437 0472 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:33:40:593 0472 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:33:40:609 0472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:33:40:656 0472 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:33:40:671 0472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:33:40:734 0472 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:33:40:781 0472 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
18:33:40:859 0472 redbook (7babb669731fc537e50d707a6d16e848) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:33:41:015 0472 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:33:41:093 0472 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
18:33:41:125 0472 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
18:33:41:218 0472 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:33:41:234 0472 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:33:41:281 0472 Secdrv (ba0d892d2f786bcebdf03b0a252b47f3) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:33:41:296 0472 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
18:33:41:328 0472 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:33:41:359 0472 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:33:41:437 0472 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:33:41:625 0472 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:33:41:703 0472 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
18:33:41:750 0472 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
18:33:41:812 0472 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
18:33:41:859 0472 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
18:33:41:875 0472 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
18:33:41:906 0472 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
18:33:41:921 0472 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:33:41:953 0472 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:33:41:968 0472 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
18:33:42:015 0472 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:33:42:031 0472 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:33:42:046 0472 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:33:42:109 0472 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:33:42:171 0472 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:33:42:281 0472 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
18:33:42:375 0472 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:33:42:437 0472 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:33:42:468 0472 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
18:33:42:484 0472 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:33:42:515 0472 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:33:42:546 0472 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
18:33:42:671 0472 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:33:42:718 0472 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
18:33:42:796 0472 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:33:42:921 0472 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:33:43:093 0472 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:33:43:125 0472 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:33:43:187 0472 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:33:43:234 0472 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:33:43:281 0472 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:33:43:312 0472 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:33:43:343 0472 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:33:43:406 0472 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
18:33:43:453 0472 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:33:43:500 0472 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:33:43:515 0472 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
18:33:43:546 0472 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:33:43:734 0472 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
18:33:43:875 0472 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:33:44:078 0472 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:33:44:140 0472 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:33:44:156 0472 Reboot required for cure complete..
18:33:44:437 0472 Cure on reboot scheduled successfully
18:33:44:437 0472
18:33:44:437 0472 Completed
18:33:44:437 0472
18:33:44:437 0472 Results:
18:33:44:437 0472 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:33:44:437 0472 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:33:44:437 0472
18:33:44:453 0472 KLMD(ARK) unloaded successfully
  • 0

#6
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

  • 0

#7
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran TFC and let it reboot, but now I'm getting a message that says that Windows cannot start because one of the files in my drivers folder in System32 is missing or corrupt. Is there any way to get around that, or will I have to reinstall my operating system?
  • 0

#8
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Can you tell me which file it is?
  • 0

#9
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It was tsk28.tmp
  • 0

#10
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Can you boot into Windows though?
  • 0

Advertisements


#11
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I cannot boot into windows, after the first screen upon turning the computer on, I get a message saying Windows cannot load because that file is missing or corrupt, and that I could try and repair it by using the setup CD (which I believe I don't have, unless that's the same thing as a system recovery disc).
  • 0

#12
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Please try booting into safe mode. You can do that by following these steps:
  • Reboot your computer
  • Before the Windows Logo comes up, repeatedly tap F8. This will take you to the Advanced Boot Menu
  • In the menu, select Safe Mode using the arrow keys, and press enter
Let me know if you are able to boot in this mode.
  • 0

#13
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I cannot boot my computer in safe mode, I merely get the same error.
  • 0

#14
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
How about Last Known Good Configuration. It's in the same menu as safe mode.
  • 0

#15
mcw5044

mcw5044

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Using Last Known Good Configuration worked, but the infection remains. Should I move on the MBAM scan, or go back to a previous step?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP