Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

After malware removal 30 min start up time & run.DLL error


  • This topic is locked This topic is locked

#1
amy elizabeth

amy elizabeth

    Member

  • Member
  • PipPip
  • 19 posts
Hello!
I have no idea what is wrong with my computer, or what type of malware/virus (or combination) I originally had, but after attempting to remove it, possibly even successfully removing it, with Malwarebytes Anti Malware my computer now takes an excessively long time to start up (it stays on the blue Windows "Welcome" screen for 30+ minutes before moving on to the desktop screen). And when it does finally get to the desktop I get an error message that says C:\WINDOWS\wowuwmg.DLL File not found. Also, I don't know if this is related or just an unfortunate coincidence, when I try to plug my USB flash drive into any of the USB ports, my computer doesn't see it.

When I ran the original Anti Malware scan it may have said something at the end about having trouble removing something, but I can't remember exactly what it said, except that it wanted me to reboot my computer to finish the removal process. It was on that reboot that I first began having the 30+ minute start up time. I scanned several more times with Anti Malware & found a couple more things that it removed & I hoped that would fix it, but no luck. When I run it now it says no threats found, but I'm still having the start up problems & getting the error message, so I don't know if that just means I have something it can't find, or if I did something wrong when initally removing things. My OTL log is below, but if you need additional info (like the logs from the Anti Malware scans) let me know.

I am eternally grateful for any help you can provide.
Thanks,
AE

++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 11/13/2010 2:29:59 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Amy Grace\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 423.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 81.65 Gb Total Space | 29.45 Gb Free Space | 36.07% Space Free | Partition Type: NTFS
Drive D: | 62.47 Gb Total Space | 62.40 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: AMYGRACE | User Name: Amy Grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/13 14:29:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy Grace\My Documents\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/25 22:38:10 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/10/18 17:09:46 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/10/15 14:18:28 | 000,359,936 | ---- | M] (ASUSTek COMPUTER INC. ) -- C:\WINDOWS\EeePCDisableAutoPlay\EeePCDisableAutoPlay.exe
PRC - [2008/09/17 15:15:34 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/09/17 13:54:20 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008/09/16 16:16:38 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008/09/03 11:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
PRC - [2008/08/22 17:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDDECT.EXE
PRC - [2008/05/21 00:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/12/19 10:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/02/20 14:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2004/07/01 16:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe


========== Modules (SafeList) ==========

MOD - [2010/11/13 14:29:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy Grace\My Documents\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/04 12:00:56 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/02/20 14:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\uvclf.sys -- (uvclf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/09/18 18:44:38 | 001,326,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/18 05:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 01:59:40 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2008/08/19 09:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/14 07:51:44 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008/03/11 06:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/02/04 04:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/19 10:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A}: C:\Documents and Settings\Amy Grace\Local Settings\Application Data\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A} [2010/11/12 19:20:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iRiver Updater] \Updater.exe ()
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Lrododegexino] C:\WINDOWS\wowuwmg.DLL File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EeePCDisableAutoPlay.lnk = C:\WINDOWS\Installer\{564DBEDA-BD68-459A-B4B6-74341F28CF1D}\EeePCDisableAutoPl_564DBEDABD68459AB4B674341F28CF1D.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amy Grace\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amy Grace\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2008/08/18 02:56:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell - "" = AutoRun
O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 14:29:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amy Grace\My Documents\OTL.exe
[2010/11/12 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Grace\Local Settings\Application Data\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A}
[2010/11/12 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/12 19:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Grace\Application Data\Ilgy
[2010/11/12 19:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Grace\Application Data\Hiumyf
[2010/11/12 19:16:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2009/08/11 11:08:03 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2009/08/11 11:08:03 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2009/08/11 11:07:35 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2009/08/11 11:07:35 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2009/08/11 11:07:35 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2009/08/11 11:07:35 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2009/08/11 11:07:35 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2009/08/11 11:07:34 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2009/08/11 11:07:34 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2008/08/18 03:49:45 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe

========== Files - Modified Within 30 Days ==========

[2010/11/13 14:29:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy Grace\My Documents\OTL.exe
[2010/11/13 14:26:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1077469927-2372699774-2319586602-1006UA.job
[2010/11/13 13:57:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/13 13:44:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/13 12:57:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/13 12:28:19 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/13 12:28:19 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/13 12:27:27 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EeePCDisableAutoPlay.lnk
[2010/11/13 12:27:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 12:26:02 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1077469927-2372699774-2319586602-1006Core.job
[2010/11/13 12:05:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/13 12:04:59 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/13 12:04:59 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/13 12:04:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 12:04:33 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/13 12:03:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/11/13 12:03:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/11/13 12:02:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/12 22:58:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/12 22:27:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Swafamagabo.dat
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/12 19:20:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/12 19:20:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/12 19:20:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qkoqi.bin
[2010/11/12 19:19:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/12 19:19:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/12 19:19:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/12 19:19:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/12 19:19:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/12 19:19:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/12 19:18:57 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/12 19:18:56 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/12 19:18:54 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/09 13:59:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/11/09 13:59:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/11/08 00:27:50 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Amy Grace\Desktop\Google Chrome.lnk
[2010/11/02 03:15:11 | 016,115,032 | ---- | M] () -- C:\Documents and Settings\Amy Grace\My Documents\manual for sharon's printer.exe
[2010/11/02 02:22:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/11/02 02:22:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/11/02 00:55:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/11/02 00:55:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/10/31 21:16:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/10/31 21:16:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/10/31 00:15:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/10/31 00:15:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/10/29 23:03:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/10/29 23:03:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/10/27 00:32:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/10/27 00:32:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/10/21 19:11:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/10/21 19:11:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/10/18 10:11:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/18 08:43:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/10/18 08:43:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/10/16 01:13:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/10/16 01:13:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

========== Files Created - No Company Name ==========

[2010/11/12 19:20:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/12 19:20:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/12 19:20:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/12 19:20:48 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/12 19:20:47 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/12 19:20:47 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/12 19:20:45 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/12 19:20:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/12 19:20:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qkoqi.bin
[2010/11/12 19:20:38 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/12 19:20:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Swafamagabo.dat
[2010/11/12 19:20:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/12 19:20:24 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/12 19:19:39 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/12 19:19:36 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/12 19:19:31 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/12 19:19:27 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/12 19:19:23 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/12 19:19:10 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/12 19:19:08 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/12 19:19:04 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/12 19:18:58 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/12 19:18:57 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/12 19:18:56 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/12 19:18:53 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/12 19:18:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/02 03:15:11 | 016,115,032 | ---- | C] () -- C:\Documents and Settings\Amy Grace\My Documents\manual for sharon's printer.exe
[2010/03/22 00:49:12 | 000,012,778 | -HS- | C] () -- C:\Documents and Settings\Amy Grace\Local Settings\Application Data\VH56DJI7u87yo
[2010/03/22 00:49:12 | 000,012,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/01/05 22:30:14 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/09/12 01:56:27 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Amy Grace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 07:57:42 | 000,014,548 | ---- | C] () -- C:\Documents and Settings\Amy Grace\Application Data\wklnhst.dat
[2009/08/11 11:08:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2009/08/11 11:08:03 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2009/08/11 11:07:45 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2009/08/11 11:07:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2009/08/11 11:07:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2009/08/11 11:07:35 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2009/08/11 00:01:29 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Amy Grace\Local Settings\Application Data\fusioncache.dat
[2008/10/08 18:28:58 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\SSUSBC.dll
[2008/09/02 06:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/08/19 10:16:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/19 10:03:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/08/19 10:03:11 | 000,048,128 | R--- | C] () -- C:\WINDOWS\System32\drivers\maxv_kern_i386.sys
[2008/08/19 10:03:11 | 000,040,832 | R--- | C] () -- C:\WINDOWS\System32\drivers\cshp_kern_i386.sys
[2008/08/19 10:03:11 | 000,030,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\hp360_kern_i386.sys
[2008/08/19 10:03:10 | 000,038,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\srs_premiumsound_i386.sys
[2008/08/18 10:50:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/18 03:51:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/08/18 03:51:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/08/18 03:51:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/08/18 03:51:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/08/18 03:51:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/08/18 03:51:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/18 03:26:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/07/30 18:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008/04/25 00:08:42 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/17 14:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/04/02 13:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/09/24 01:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/03/09 22:21:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/09 11:24:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/03/12 10:01:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/08/18 04:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ECAP
[2008/08/18 04:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/03/25 22:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/08/10 23:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/13 04:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2009/08/12 03:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/19 22:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Grace\Application Data\Canon
[2010/11/12 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Grace\Application Data\Hiumyf
[2010/11/12 22:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Grace\Application Data\Ilgy
[2010/03/23 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Grace\Application Data\StarOffice8
[2009/08/25 07:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy Grace\Application Data\Template
[2010/11/12 19:18:54 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/12 19:19:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/13 12:04:59 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/13 12:04:59 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/13 12:57:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/13 13:57:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/12 19:20:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/12 19:20:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/12 19:18:56 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/12 22:58:35 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/12 19:21:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/12 19:18:57 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/12 19:19:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/13 12:05:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/12 19:19:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/12 19:19:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/12 19:19:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/12 19:19:44 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/13 13:44:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message to me on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O4 - HKCU..\Run: [Lrododegexino] C:\WINDOWS\wowuwmg.DLL File not found
    O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell - "" = AutoRun
    O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
    O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
    O33 - MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2010/11/12 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Grace\Local Settings\Application Data\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A}
    [2010/11/12 19:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Grace\Application Data\Ilgy
    [2010/11/12 19:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Grace\Application Data\Hiumyf
    [2010/11/12 19:16:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/11/12 22:27:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Swafamagabo.dat
    [2010/11/12 19:20:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qkoqi.bin
    [2010/11/12 19:20:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qkoqi.bin
    [2010/11/12 19:20:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Swafamagabo.dat
    [2010/03/22 00:49:12 | 000,012,778 | -HS- | C] () -- C:\Documents and Settings\Amy Grace\Local Settings\Application Data\VH56DJI7u87yo
    [2010/03/22 00:49:12 | 000,012,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  • Right click on the .rar and Extract the files.
  • Double-click on RKUnhookerLE.exe to execute it.
    Vista - W7 users: Right click RKUnhookerLE.exe, choose "Run As Administrator" to execute it. If UAC prompts, please allow it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest. then Click OK. (See image below...)
    Posted Image
    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  • When the scanner is finished... click File, Save Report.
  • Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  • Copy the entire contents of the Report.txt file in you're next reply.

Please Note:
You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




NEXT:



Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#3
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thank you so much for your quick reply! I followed all your steps & here are the log files you requested:

OTL
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lrododegexino deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cc1ae64-f0a8-11de-b158-00224353103c}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Amy Grace\Local Settings\Application Data\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A}\chrome\content folder moved successfully.
C:\Documents and Settings\Amy Grace\Local Settings\Application Data\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A}\chrome folder moved successfully.
C:\Documents and Settings\Amy Grace\Local Settings\Application Data\{3ABE10FA-0575-4DCE-99F5-0E17CC68786A} folder moved successfully.
C:\Documents and Settings\Amy Grace\Application Data\Ilgy folder moved successfully.
C:\Documents and Settings\Amy Grace\Application Data\Hiumyf folder moved successfully.
C:\Documents and Settings\All Users\Documents\Server folder moved successfully.
C:\WINDOWS\Swafamagabo.dat moved successfully.
C:\WINDOWS\Qkoqi.bin moved successfully.
File C:\WINDOWS\Qkoqi.bin not found.
File C:\WINDOWS\Swafamagabo.dat not found.
C:\Documents and Settings\Amy Grace\Local Settings\Application Data\VH56DJI7u87yo moved successfully.
C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Amy Grace\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\Amy Grace\My Documents\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Amy Grace
->Temp folder emptied: 18669775 bytes
->Temporary Internet Files folder emptied: 10419011 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 13106404 bytes
->Flash cache emptied: 1355 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76007 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Amy Grace
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11132010_163701

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Amy Grace\Local Settings\Temp\~DF2F2B.tmp not found!
File\Folder C:\Documents and Settings\Amy Grace\Local Settings\Temp\~DF3A58.tmp not found!
C:\Documents and Settings\Amy Grace\Local Settings\Temporary Internet Files\Content.IE5\Q86ZZCC4\290248-after-malware-removal-30-min-start-up-time-rundll-error[2].htm moved successfully.
C:\Documents and Settings\Amy Grace\Local Settings\Temporary Internet Files\Content.IE5\Q86ZZCC4\like[1].htm moved successfully.
C:\Documents and Settings\Amy Grace\Local Settings\Temporary Internet Files\Content.IE5\C7BSCYVE\xd_proxy[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

++++++++++++++++++++++++++

Rootkit Unhooker Report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6D28000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA2FF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4984832 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xF6BA8000 C:\WINDOWS\system32\DRIVERS\athw.sys 1327104 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xF6A93000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xF734D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA03A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF69C2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA11F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA98EC000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9420000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7459000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9A5C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7320000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA95A1000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA0AA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6CEC000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA0F7000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA013000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xAA23B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6B84000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6A20000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA0D5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73F1000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7429000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA9FCD000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xF7306000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7411000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9FB5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA9CF6000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF73DA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6A7C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9A89000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6D14000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA178000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7448000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6A43000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7768000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA9C3E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7738000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75C8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7688000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7678000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 53248 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
0xF76A8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75A8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76C8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7698000 C:\WINDOWS\system32\DRIVERS\ETD.sys 45056 bytes (ELANTECH Devices Corp., ETD Ware TSR Enhancements)
0xF77B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7598000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76B8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7798000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF7588000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75B8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7668000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76D8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF77A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8F60000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7608000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78C0000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xF78E8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7908000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7890000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7808000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7900000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7898000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78A0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7888000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78D8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78F8000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF78E0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7810000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78B0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78B8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7928000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79A0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7A2C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7A44000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9E8D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF79A4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7A30000 C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 12288 bytes (ASUSTeK Computer Inc., ASUS ACPI Device Driver)
0xA9EE1000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7998000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF799C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA1C3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6A78000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7A34000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6A74000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AC0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7ACC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7ABE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A88000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AC2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AC4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A96000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7A98000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AA0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A8A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C7D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BD8000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CA0000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B51000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B50000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x805D1134-->AA028BB2 [aswSP.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x805AB38E-->AA0289D6 [aswSP.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x8058413A-->AA028B10 [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x805C2F86-->AA025FFA [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x805BC502-->AA0245D4 [aswSP.SYS]
[1424]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[2860]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2860]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2860]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2860]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2860]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2860]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2860]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3184]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3184]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3184]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3184]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3184]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3184]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3184]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3184]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3184]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3184]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3184]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3184]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3184]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3184]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3184]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3184]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3184]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3184]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3184]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3184]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3184]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3184]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3184]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3184]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3184]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3184]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3184]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3184]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[3184]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[3184]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[3184]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3184]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[3416]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3416]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3416]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3416]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3416]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3416]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3416]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3416]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3416]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3416]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3416]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3416]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3416]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3416]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3416]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3416]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3416]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3416]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3416]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3416]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3416]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3416]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3416]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3416]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3416]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[3416]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[3416]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3416]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[3416]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[3416]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[3416]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3416]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[3756]msnmsgr.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->00000000 [msnmsgr.exe]
[3880]PMB.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[768]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[768]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]

++++++++++++++++++++++++

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 113):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A88000 \WINDOWS\system32\KDCOM.DLL
0xF7998000 \WINDOWS\system32\BOOTVID.dll
0xF7459000 ACPI.sys
0xF7A8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7448000 pci.sys
0xF7588000 isapnp.sys
0xF799C000 compbatt.sys
0xF79A0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B50000 pciide.sys
0xF7808000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7598000 MountMgr.sys
0xF7429000 ftdisk.sys
0xF79A4000 ACPIEC.sys
0xF7B51000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7810000 PartMgr.sys
0xF75A8000 VolSnap.sys
0xF7411000 atapi.sys
0xF75B8000 disk.sys
0xF75C8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73F1000 fltMgr.sys
0xF73DA000 KSecDD.sys
0xF734D000 Ntfs.sys
0xF7320000 NDIS.sys
0xF7306000 Mup.sys
0xF7668000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6D28000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6D14000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6CEC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7678000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0xF6BA8000 \SystemRoot\system32\DRIVERS\athw.sys
0xF7888000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6B84000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7890000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7688000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7898000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7698000 \SystemRoot\system32\DRIVERS\ETD.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A2C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7A30000 \SystemRoot\system32\DRIVERS\ASUSACPI.sys
0xF6A93000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7A96000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF7C7D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A34000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6A7C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6A43000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A98000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6A20000 \SystemRoot\system32\DRIVERS\ks.sys
0xF69C2000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A44000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\btport.sys
0xF76F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7738000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AA0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAA2FF000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA23B000 \SystemRoot\system32\drivers\portcls.sys
0xF7768000 \SystemRoot\system32\drivers\drmk.sys
0xF6A78000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7ABE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CA0000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AC0000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78D8000 \SystemRoot\System32\drivers\vga.sys
0xF7AC2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AC4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78E0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6A74000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA178000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA11F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7798000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA0F7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0D5000 \SystemRoot\System32\drivers\afd.sys
0xF77A8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA0AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA03A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA013000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7900000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7908000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9FCD000 \SystemRoot\System32\Drivers\usbvideo.sys
0xA9FB5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7ACC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA1C3000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7928000 \SystemRoot\System32\watchdog.sys
0xF7608000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BD8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9EE1000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9E8D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9CF6000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA9A89000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9C3E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9A5C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA98EC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF78F8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA9420000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8EF5000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
416 C:\WINDOWS\system32\smss.exe
700 csrss.exe
724 C:\WINDOWS\system32\winlogon.exe
768 C:\WINDOWS\system32\services.exe
780 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\svchost.exe
996 svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1236 svchost.exe
1424 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1852 C:\WINDOWS\system32\spoolsv.exe
604 svchost.exe
636 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
648 C:\Program Files\Bonjour\mDNSResponder.exe
744 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
784 C:\Program Files\Java\jre6\bin\jqs.exe
1220 C:\WINDOWS\system32\svchost.exe
1456 wdfmgr.exe
128 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2860 C:\WINDOWS\explorer.exe
3088 C:\WINDOWS\NOTEPAD.EXE
3152 C:\WINDOWS\system32\igfxtray.exe
3160 C:\WINDOWS\system32\hkcmd.exe
3176 C:\Program Files\Java\jre6\bin\jusched.exe
3192 C:\Program Files\EeePC\ACPI\AsTray.exe
3212 C:\WINDOWS\system32\igfxsrvc.exe
3248 C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
3252 C:\WINDOWS\system32\igfxext.exe
3264 C:\Program Files\EeePC\ACPI\AsEPCMon.exe
3356 C:\WINDOWS\RTHDCPL.EXE
3424 C:\Program Files\Elantech\ETDCTRL.EXE
3432 C:\Program Files\Elantech\ETDDECT.EXE
3460 C:\Updater.exe
3668 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3716 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
3728 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3748 C:\WINDOWS\system32\ctfmon.exe
3756 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3772 C:\Program Files\Messenger\msmsgs.exe
3796 C:\WINDOWS\system32\lxcrcoms.exe
3880 C:\Program Files\Pando Networks\Media Booster\PMB.exe
4032 C:\WINDOWS\EeePCDisableAutoPlay\EeePCDisableAutoPlay.exe
196 C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
2804 C:\Program Files\Java\jre6\bin\jucheck.exe
3184 C:\Program Files\Internet Explorer\iexplore.exe
3416 C:\Program Files\Internet Explorer\iexplore.exe
1872 C:\Program Files\Internet Explorer\iexplore.exe
2560 C:\Documents and Settings\Amy Grace\My Documents\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`69bbc600 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

How are things running?


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:




Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT




Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#5
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Well, I thought my computer was running a bit better, it only took 20 minutes to start up when I rebooted it. However now it won't let me put it in standby mode & it won't run the Kaspersky Online scanner. I updated & ran the Malwarebytes quick scan (it found nothing, the log is posted below) and uninstalled all previous versions of Java & installed the updated version. But when I tried to run the Kaspersky scan I got this error message:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]


I tried closing & reopening the Kaspersky window, but still got that error message, then I closed all the windows, restarted my computer and tried running it again, and still got the error message.

I turned off the realtime scanner for my Avast Antivirus, but didn't shut it down completely, could that be preventing the Kaspersky scan from running? I also don't know if the fact I'm using a wireless connection makes a difference.

Since I couldn't get the Kaspersky Online scan to run I wasn't sure if I should download the Security Check, so I didn't. Please let me know if I should, thanks!


Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5120

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2010 9:24:21 AM
mbam-log-2010-11-15 (09-24-21).txt

Scan type: Quick scan
Objects scanned: 150887
Time elapsed: 13 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by amy elizabeth, 15 November 2010 - 08:52 AM.

  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

20 minutes to boot up is a pretty long time. I'll try and see if we can address that a little later.

There have been some reports of users being unable to run a Kaspersky Online Scanner.

We can run a different one instead. After running this scanner below, please run the SecurityCheck tool.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#7
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
20 minutes is a long time, but it's better than 30. Also, I forgot to mention that the wowuwmg.dll error message no longer pops up whenever I do a restart. I don't know what that might mean, but maybe you do. I ran both the ESETScan & Security Check & the results are below.

ESETScan results:

C:\laptop drive 1\WINDOWS\wt\backup\1.6.2.003\wcmdmgrl.exe Win32/Adware.WildTangent application
C:\laptop drive 1\WINDOWS\wt\updater\wcmdmgrl.exe Win32/Adware.WildTangent application
C:\laptop drive 1\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll probably a variant of Win32/Agent.HNCJWDG trojan
C:\laptop drive 2\Program Files\AIM95\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application
C:\laptop drive 2\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Win32/Adware.WBug.A application
C:\_OTL\MovedFiles\11132010_163701\C_Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EQ trojan

And the Security Check results:

Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Adobe Flash Player
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

We will run a few other scans to ensue that nothing else is hiding, and then we will address the long boot-up time.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\laptop drive 1\WINDOWS\wt\backup\1.6.2.003\wcmdmgrl.exe
    C:\laptop drive 1\WINDOWS\wt\updater\wcmdmgrl.exe
    C:\laptop drive 1\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll
    C:\laptop drive 2\Program Files\AIM95\Sysfiles\WxBug.EXE
    C:\laptop drive 2\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Scanning with DDS

Download DDS and save it to your desktop from here or here or here.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt & Attach.txt reports in your next reply.

  • 0

#9
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I updated Adobe & ran the scans you requested. The OTL & the TDSSKiller logs are below. I ran the DDS scan and I have the DDS.txt & Attach.txt files saved to my computer, however I was confused by your wording. For the OTL & TDSSKiller logs you said "copy & paste" but for these two you said "Post" in bold, blue italics. Is that somehow different? Or am I just being overly analytical & really I should just copy and paste as usual? Adding to my confusion, the Attach.txt file says to "zip it up & attach it" and I have no idea how to go about zipping a file, if that is what I'm supposed to be doing.
Thank you so much for your continued patience & support!


OTL log:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\laptop drive 1\WINDOWS\wt\backup\1.6.2.003\wcmdmgrl.exe moved successfully.
C:\laptop drive 1\WINDOWS\wt\updater\wcmdmgrl.exe moved successfully.
C:\laptop drive 1\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll moved successfully.
C:\laptop drive 2\Program Files\AIM95\Sysfiles\WxBug.EXE moved successfully.
C:\laptop drive 2\Program Files\AWS\WeatherBug\MiniBugTransporter.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Amy Grace\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\Amy Grace\My Documents\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Amy Grace
->Temp folder emptied: 111102841 bytes
->Temporary Internet Files folder emptied: 6233394 bytes
->Java cache emptied: 128094 bytes
->Google Chrome cache emptied: 7678517 bytes
->Flash cache emptied: 1651 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16889 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Amy Grace
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_203832

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

+++++++++++++++++++++++++++

TDSSKiller log:

2010/11/15 21:04:30.0734 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/15 21:04:30.0734 ================================================================================
2010/11/15 21:04:30.0734 SystemInfo:
2010/11/15 21:04:30.0734
2010/11/15 21:04:30.0734 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/15 21:04:30.0734 Product type: Workstation
2010/11/15 21:04:30.0734 ComputerName: AMYGRACE
2010/11/15 21:04:30.0734 UserName: Amy Grace
2010/11/15 21:04:30.0734 Windows directory: C:\WINDOWS
2010/11/15 21:04:30.0734 System windows directory: C:\WINDOWS
2010/11/15 21:04:30.0734 Processor architecture: Intel x86
2010/11/15 21:04:30.0734 Number of processors: 2
2010/11/15 21:04:30.0734 Page size: 0x1000
2010/11/15 21:04:30.0734 Boot type: Normal boot
2010/11/15 21:04:30.0734 ================================================================================
2010/11/15 21:04:31.0078 Initialize success
2010/11/15 21:04:49.0062 ================================================================================
2010/11/15 21:04:49.0062 Scan started
2010/11/15 21:04:49.0062 Mode: Manual;
2010/11/15 21:04:49.0062 ================================================================================
2010/11/15 21:04:49.0671 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/15 21:04:49.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/15 21:04:49.0968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/15 21:04:50.0046 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/15 21:04:50.0500 AR5416 (7d53e5646ba23fd51296f7ef8979a000) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/11/15 21:04:50.0734 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
2010/11/15 21:04:50.0765 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/15 21:04:50.0843 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/15 21:04:50.0906 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/15 21:04:50.0968 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/15 21:04:51.0015 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/15 21:04:51.0078 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/15 21:04:51.0203 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/15 21:04:51.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/15 21:04:51.0437 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/11/15 21:04:51.0562 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/11/15 21:04:51.0625 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/15 21:04:51.0750 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/15 21:04:51.0812 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2010/11/15 21:04:51.0984 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/15 21:04:52.0062 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/15 21:04:52.0296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/15 21:04:52.0390 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/15 21:04:52.0484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/15 21:04:52.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/15 21:04:52.0718 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/15 21:04:52.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/15 21:04:52.0921 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/15 21:04:52.0968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/15 21:04:53.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/15 21:04:53.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/15 21:04:53.0171 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/15 21:04:53.0375 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/15 21:04:53.0453 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/15 21:04:53.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/15 21:04:53.0859 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/15 21:04:54.0625 IntcAzAudAddService (12a9dafe2266b6fa6ddbce1847347751) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/15 21:04:54.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/15 21:04:54.0890 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/15 21:04:54.0968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/15 21:04:55.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/15 21:04:55.0109 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/15 21:04:55.0203 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/15 21:04:55.0281 Ktp (6e775ade642556c6d43450d16d763fc2) C:\WINDOWS\system32\DRIVERS\ETD.sys
2010/11/15 21:04:55.0359 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/11/15 21:04:55.0453 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010/11/15 21:04:55.0562 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/15 21:04:55.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/15 21:04:55.0734 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/15 21:04:55.0843 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/15 21:04:55.0890 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/15 21:04:55.0984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/15 21:04:56.0078 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/15 21:04:56.0109 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/15 21:04:56.0203 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/15 21:04:56.0250 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/15 21:04:56.0281 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/15 21:04:56.0375 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/15 21:04:56.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/15 21:04:56.0531 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/15 21:04:56.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/15 21:04:56.0750 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/15 21:04:56.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/15 21:04:57.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/15 21:04:57.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/15 21:04:57.0109 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/15 21:04:57.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/15 21:04:57.0218 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/15 21:04:57.0281 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/15 21:04:57.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/15 21:04:57.0671 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/15 21:04:57.0703 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/15 21:04:57.0921 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/15 21:04:58.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/15 21:04:58.0125 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/15 21:04:58.0156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/15 21:04:58.0218 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/15 21:04:58.0390 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/15 21:04:58.0781 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/15 21:04:58.0859 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/15 21:04:59.0031 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/11/15 21:04:59.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/15 21:04:59.0609 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/15 21:04:59.0718 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/15 21:04:59.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/15 21:04:59.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/15 21:05:00.0062 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/15 21:05:00.0171 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/15 21:05:00.0250 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/15 21:05:00.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/15 21:05:00.0359 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/15 21:05:00.0437 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/15 21:05:00.0562 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/15 21:05:00.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/15 21:05:00.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/15 21:05:00.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/15 21:05:01.0312 ================================================================================
2010/11/15 21:05:01.0312 Scan finished
2010/11/15 21:05:01.0312 ================================================================================
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I updated Adobe & ran the scans you requested. The OTL & the TDSSKiller logs are below. I ran the DDS scan and I have the DDS.txt & Attach.txt files saved to my computer, however I was confused by your wording. For the OTL & TDSSKiller logs you said "copy & paste" but for these two you said "Post" in bold, blue italics. Is that somehow different? Or am I just being overly analytical & really I should just copy and paste as usual? Adding to my confusion, the Attach.txt file says to "zip it up & attach it" and I have no idea how to go about zipping a file, if that is what I'm supposed to be doing.
Thank you so much for your continued patience & support!

Your welcome! Sorry about the confusion with the wording. You can just copy and paste both of those logs and post them for me.
  • 0

Advertisements


#11
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks! Here are the DDS & Attach logs:


DDS (Ver_10-11-10.01) - NTFSx86
Run by Amy Grace at 21:21:41.81 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.492 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Updater.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\EeePCDisableAutoPlay\EeePCDisableAutoPlay.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amy Grace\My Documents\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\documents and settings\amy grace\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,[email protected]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iRiver Updater] \Updater.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eeepcd~1.lnk - c:\windows\installer\{564dbeda-bd68-459a-b4b6-74341f28cf1d}\EeePCDisableAutoPl_564DBEDABD68459AB4B674341F28CF1D.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-2 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-2 40384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-2 40384]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-25 14336]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys --> c:\windows\system32\drivers\uvclf.sys [?]

=============== Created Last 30 ================

2010-11-15 19:42:30 -------- d-----w- c:\program files\ESET
2010-11-15 04:58:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-15 04:58:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 21:37:01 -------- d-----w- C:\_OTL
2010-11-13 00:21:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-11-13 00:21:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-11-13 00:20:47 42112 -c--a-w- c:\windows\system32\dllcache\imapi.sys
2010-11-13 00:20:47 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-11-13 00:20:34 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-11-13 00:20:34 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-11-13 00:19:35 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-11-13 00:19:35 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-11-13 00:17:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\WSTB

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2008-05-07 14:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe

============= FINISH: 21:22:36.70 ===============


+++++++++++++++++++++++++

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/11/2009 1:01:00 AM
System Uptime: 11/15/2010 8:39:28 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | 1002HA
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | PBGA 437 | 1600/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 82 GiB total, 29.322 GiB free.
D: is FIXED (NTFS) - 62 GiB total, 62.404 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Audio Splitter
Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Audio Splitter
PNP Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: splitter

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Acoustic Echo Canceller
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Acoustic Echo Canceller
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: aec

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel GS Wavetable Synthesizer
Device ID: SW\{6C1B9F60-C0A9-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel GS Wavetable Synthesizer
PNP Device ID: SW\{6C1B9F60-C0A9-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: swmidi

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DRM Audio Descrambler
Device ID: SW\{EEC12DB6-AD9C-4168-8658-B03DAEF417FE}\{ABD61E00-9350-47E2-A632-4438B90C6641}
Manufacturer: Microsoft
Name: Microsoft Kernel DRM Audio Descrambler
PNP Device ID: SW\{EEC12DB6-AD9C-4168-8658-B03DAEF417FE}\{ABD61E00-9350-47E2-A632-4438B90C6641}
Service: drmkaud

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Adabas D 13.01.00
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Amazon Unbox Video
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Azurewave Wireless LAN
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Eee Storage 1.2.10.245
EeePCDisableAutoPlay
ERUNT 1.1j
ESET Online Scanner v3
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java™ 6 Update 22
Lexmark 2400 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Pando Media Booster
QuickTime
Realtek High Definition Audio Driver
Rootkit Unhooker LE 3.8 SR 2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Selective Suspend Driver for CardReader
Skype™ 3.6
StarOffice 8 ASUS Edition
Super Hybrid Engine
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/9/2010 2:13:22 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 00224353103C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/15/2010 7:12:08 PM, error: Dhcp [1002] - The IP address lease 10.60.99.242 for the Network Card with network address 00224353103C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/14/2010 11:35:52 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/13/2010 4:41:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 4:37:09 PM, error: SRService [104] - The System Restore initialization process failed.
11/13/2010 4:37:09 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
11/12/2010 7:30:29 PM, error: Service Control Manager [7034] - The lxcr_device service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 7:30:27 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2010 7:30:26 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 7:30:26 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 7:30:26 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 7:30:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2010 7:23:33 PM, error: Service Control Manager [7000] - The World Standard Teletext Codec service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:27 PM, error: Service Control Manager [7000] - The uvclf service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:27 PM, error: Service Control Manager [7000] - The USB Mass Storage Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:26 PM, error: Service Control Manager [7000] - The USB Scanner Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:26 PM, error: Service Control Manager [7000] - The Microsoft USB PRINTER Class service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:23 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\tdpipe.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/12/2010 7:23:17 PM, error: Service Control Manager [7000] - The Microsoft Kernel GS Wavetable Synthesizer service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:16 PM, error: Service Control Manager [7000] - The BDA IPSink service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:15 PM, error: Service Control Manager [7000] - The SSUSB Filter service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:15 PM, error: Service Control Manager [7000] - The SSDISK Filter service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:14 PM, error: Service Control Manager [7000] - The SRS Labs Premium Sound service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file slip.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.2600.5512.
11/12/2010 7:23:12 PM, error: Service Control Manager [7000] - The Microsoft Kernel Audio Splitter service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:23:10 PM, error: Service Control Manager [7000] - The BDA Slip De-Framer service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:22:56 PM, error: Service Control Manager [7000] - The Secdrv service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:51 PM, error: Service Control Manager [7000] - The Ralink 802.11n Wireless Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:42 PM, error: Service Control Manager [7000] - The Digital CD Audio Playback Filter Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:30 PM, error: Service Control Manager [7001] - The IPX Traffic Filter Driver service depends on the IPX Traffic Forwarder Driver service which failed to start because of the following error: The system cannot find the file specified.
11/12/2010 7:21:30 PM, error: Service Control Manager [7000] - The IPX Traffic Forwarder Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:25 PM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:24 PM, error: Service Control Manager [7000] - The NABTS/FEC VBI Codec service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:23 PM, error: Service Control Manager [7000] - The Microsoft Streaming Tee/Sink-to-Sink Converter service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:22 PM, error: Service Control Manager [7000] - The Microsoft Streaming Quality Manager Proxy service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:19 PM, error: Service Control Manager [7000] - The Microsoft Streaming Clock Proxy service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:18 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
11/12/2010 7:21:18 PM, error: Service Control Manager [7000] - The Microsoft Streaming Service Proxy service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:10 PM, error: Service Control Manager [7000] - The IR Enumerator Service service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:06 PM, error: Service Control Manager [7000] - The IP Network Address Translator service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:21:02 PM, error: Service Control Manager [7000] - The IP in IP Tunnel Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:20:58 PM, error: Service Control Manager [7000] - The IP Traffic Filter Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:20:52 PM, error: Service Control Manager [7000] - The IPv6 Windows Firewall Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:20:49 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file imapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/12/2010 7:20:47 PM, error: Service Control Manager [7000] - The CD-Burning Filter Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:20:40 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file i2omgmt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/12/2010 7:20:27 PM, error: Service Control Manager [7000] - The i2omgmt service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:20:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\hidusb.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/12/2010 7:20:24 PM, error: Service Control Manager [7000] - The HP CD-Writer Controller Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:19:58 PM, error: Service Control Manager [7000] - The GEAR ASPI Filter Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:19:38 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file fdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/12/2010 7:19:38 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/12/2010 7:18:49 PM, error: Service Control Manager [7000] - The Microsoft Kernel DRM Audio Descrambler service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:48 PM, error: Service Control Manager [7000] - The Microsoft Kernel DLS Syntheiszer service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:48 PM, error: Service Control Manager [7000] - The CD-ROM Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:32 PM, error: Service Control Manager [7000] - The Closed Caption Decoder service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:30 PM, error: Service Control Manager [7000] - The WIDCOMM USB Bluetooth Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:25 PM, error: Service Control Manager [7000] - The Bluetooth LAN Access Server service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:21 PM, error: Service Control Manager [7000] - The Bluetooth Audio Device service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:16 PM, error: Service Control Manager [7000] - The ATM ARP Client Protocol service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:13 PM, error: Service Control Manager [7000] - The RAS Asynchronous Media Driver service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 7:18:10 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: The system cannot find the file specified.
11/12/2010 11:49:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/12/2010 11:44:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/12/2010 11:44:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/12/2010 11:44:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/12/2010 11:44:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/12/2010 11:44:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/12/2010 11:44:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/12/2010 11:44:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/12/2010 10:14:34 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00224353103C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello again,

Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • ESET Online Scanner v3
  • Rootkit Unhooker LE 3.8 SR 2



Please download JkDefrag by Jeroen Kessels
  • Unzip the program to a folder.
  • Reboot to release most of the files in use.
  • Double Click JkDefrag.exe to run the program.
Note: Everything is done automatically the moment you run JkDefrag.exe



You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.




How are things running?
  • 0

#13
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I removed the 2 programs you listed & ran the JkDefrag program (it took an hour and forty five minutes to run, is that normal?)Things seem to be running fine once the computer is actually started, however it still takes a frustratingly long time to start up. Even after I downloaded & ran StartupLite it still took 17 minutes to boot up. Could it be that there is still some sort of infection on my computer that the antivirus/malware scans haven't found? Or just a problem caused by the original infection?
  • 0

#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Yes the JkDefrag program can take a bit of time to run on your computer. How long have you been experiencing this long boot time for your computer to start up?
  • 0

#15
amy elizabeth

amy elizabeth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Since Friday. The extended boot time has only been happening since I removed whatever weird virus/infection(s) was on my computer. Here is my timeline of events, in case it helps shed light on what is causing the problem.

Friday afternoon when I turned on my computer, everything started up fine (it took like a minute). However that evening I was online when all of a sudden my Avast antivirus began going crazy saying it had blocked one threat after another. I immediately closed my browser window, but blocked threat notifications from Avast continued to pop up. I quickly realized that Avast had not blocked everything when one of those fake security alert boxes (the kind that always stays on top, no matter how many different windows you open) appeared on my desktop telling me my system was infected & asking if I wanted to debug. I did not click on it because I knew it was a trap. Instead I ran an Avast boot time scan (which took nearly 3 hours). The scan said it didn't find any infected files, but the fake security box was back, so I deleted all of my temp files & ran a Malwarebytes quick scan. That scan found 37 infections & asked me to reboot. I did & that is when the problems began with the extra long start up times. After it was stuck on that blue windows start up screen for 5 or so minutes, I decided it had frozen & held the power button until it turned off. I tried to start it again, but the same thing happened, stuck on the windows start up screen. I turned it off again & booted it up in safe mode (which started in the normal amount of time). In safe mode I ran another Malwarebytes scan, which found another 4 infections & asked me to reboot again. I thought perhaps this time it would start normally, but it still got stuck on the windows start up screen. I restarted in safe mode & ran an Avast antivirus quick scan (which took 1 hour 15 minutes, but found nothing) and another Malwarebytes scan, which found 1 infected file & asked me to reboot again. I clicked yes, then went to bed & the next morning I found that my computer had actually rebooted, it just took an abnormally long time to do so. I restarted the computer again & timed how long it took (slightly more than 30 minutes) at which point I decided to call in the experts & started posting here.


And that is my story. I'm sure I went into way more detail than you wanted or needed to know, but I don't know enough about computers to know what is or is not helpful.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP