[360nourishment]

Hello

Yesterday morning, I noticed that my internet browsers are crashing (Chrome & Firefox). I first began by uninstalling / re-installing the browsers (And deleting all personal preferences and bookmarks for both). Then I ran anti-virsus scans, malaware scans, anti-spyware scans. I located a few items which I quarantined, but I still had issues with the browsers crashing.

Today I noticed an additional problem, when I search for something on google, when I click on a result, I am redirected to another URL.

I ran GMER, OTL and Combofix. GMER & OTL ran successfully. The real problem was Combofix, the window said that it was scanning the files but it didn't scan anything (and I waited over an hour). I tried running Combofix a couple of times before I gave up.


Does anyone know why I am unable to run this program (BTW, the version I ran is the most updated)?

Thanx for any help you provide, I truly hate people who invent these stupid viruses / malaware.

TB

Edited by JSntgRvr, 17 July 2011 - 03:48 PM.

[Advertisements]

Hi, 360nourishment! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Please do the following:

Step 1

OTL Custom Scan

• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Check the boxes beside LOP Check and Purity Check.
• Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.
  
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

When completed the above, please post back the following in the order asked for:

• OTL scan log
  
• aswMBR log
  
• Please post also your GMER and Combofix logs if possible
  

[Render]

Hi, 360nourishment! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Please do the following:

Step 1

OTL Custom Scan

• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Check the boxes beside LOP Check and Purity Check.
• Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.
  
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

When completed the above, please post back the following in the order asked for:

• OTL scan log
  
• aswMBR log
  
• Please post also your GMER and Combofix logs if possible
  

[360nourishment]

Hello Render

You replied just as I was printing out instructtions to re-install my Operating System, lol.

Here are the logs in the order you requested. (I deleted my GMER logs yesterday). Thanks.

OTL

OTL logfile created on: 5/1/2011 2:18:37 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Taheerah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.30 Gb Total Space | 6.45 Gb Free Space | 17.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 232.83 Gb Total Space | 205.64 Gb Free Space | 88.32% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: DELL-A0D343AE12 | User Name: Taheerah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 14:05:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taheerah\Desktop\OTL.exe
PRC - [2011/04/28 16:35:44 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/28 16:34:40 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/28 16:34:36 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/28 16:34:26 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/04/28 16:34:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 16:34:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/20 11:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/02/09 15:00:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/06 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/28 15:04:02 | 001,941,808 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2006/12/28 14:55:14 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/12/28 14:55:06 | 000,407,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/12/28 14:48:54 | 001,165,104 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/06/29 16:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 16:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/10/07 18:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 20:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 03:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 14:05:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taheerah\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/06/29 16:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/28 16:35:44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/28 16:34:40 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/28 16:34:26 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/04/28 16:34:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/12/28 14:55:06 | 000,407,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/06/29 16:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/28 16:36:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/04/28 16:36:41 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/28 16:36:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/28 16:34:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/12/28 15:29:28 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/28 15:29:28 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/28 15:29:10 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2006/12/18 14:00:14 | 000,424,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/21 15:55:02 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 19:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/09/29 00:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 21:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 19:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 19:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 19:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 20:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 17:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/23 21:04:00 | 000,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gticard.sys -- (GTICARD)
DRV - [2003/08/29 19:56:12 | 000,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/01/23 20:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 13:48:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 11:30:42 | 000,000,000 | ---D | M]

[2011/04/27 13:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Extensions
[2011/04/27 13:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/12 12:10:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/22 11:43:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 16:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/30 03:06:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/27 12:47:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/05/22 11:43:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/19 02:03:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/12 14:09:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/27 21:09:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35(1).exe (SurfRight B.V.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Taheerah\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Taheerah/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Taheerah/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Taheerah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Taheerah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/28 11:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/07 14:35:32 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 14:05:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Taheerah\Desktop\OTL.exe
[2011/05/01 12:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\WMTools Downloaded Files
[2011/04/30 22:49:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/30 19:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/04/30 19:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/04/30 19:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/30 19:48:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/04/30 19:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/30 19:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/04/30 19:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\IObit
[2011/04/30 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/30 18:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/04/30 15:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/30 15:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/30 15:31:52 | 030,459,048 | ---- | C] (IObit ) -- C:\Documents and Settings\Taheerah\Desktop\asc4-setup-cnet.exe
[2011/04/29 16:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/28 16:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\Avira
[2011/04/28 16:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/28 16:47:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/28 16:47:13 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/28 16:47:13 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/28 16:47:13 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/28 16:47:13 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/28 16:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/27 19:36:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/27 19:36:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/27 19:36:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/27 19:36:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/27 16:43:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/27 16:35:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/27 16:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/27 15:58:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Taheerah\Recent
[2011/04/27 13:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/27 12:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/27 12:47:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/27 12:47:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/27 12:47:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/27 10:05:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/08 23:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\IBP
[2011/04/06 16:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/04/06 16:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/04/04 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/04 13:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2011/05/01 14:21:37 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/01 14:05:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taheerah\Desktop\OTL.exe
[2011/05/01 12:56:56 | 000,082,642 | ---- | M] () -- C:\ads_err.adt
[2011/05/01 12:54:09 | 000,004,608 | ---- | M] () -- C:\ads_err.adi
[2011/05/01 10:46:49 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/01 10:45:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/01 10:45:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 23:30:39 | 000,073,740 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\List2.xml
[2011/04/30 19:52:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 19:32:40 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/04/30 19:32:40 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Taheerah\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/04/30 19:32:39 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/04/30 18:00:10 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/04/30 15:31:56 | 030,459,048 | ---- | M] (IObit ) -- C:\Documents and Settings\Taheerah\Desktop\asc4-setup-cnet.exe
[2011/04/29 17:15:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/04/29 13:08:08 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/28 18:39:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/28 16:47:42 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/28 16:36:42 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/28 16:36:41 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/28 16:36:39 | 000,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/28 16:36:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/28 16:36:38 | 000,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/27 21:09:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/27 16:35:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\prvlcl.dat
[2011/04/27 13:54:13 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 13:48:45 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Taheerah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 13:48:45 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/27 13:37:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\SpywareBlaster.lnk
[2011/04/25 11:30:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/19 16:35:54 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Traffic Travis.lnk
[2011/04/15 10:16:39 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 02:54:05 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 02:54:05 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/06 16:25:12 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/06 16:25:12 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

========== Files Created - No Company Name ==========

[2011/05/01 14:21:37 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/30 23:30:32 | 000,073,740 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\List2.xml
[2011/04/30 19:52:12 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/04/30 19:48:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 19:33:01 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/04/30 19:32:40 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/04/30 19:32:40 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Taheerah\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/04/30 19:32:39 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/04/30 18:00:10 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/04/30 15:43:40 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/28 16:47:42 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/28 16:30:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 19:36:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/27 19:36:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/27 19:36:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/27 19:36:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/27 19:36:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/27 13:54:13 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 13:48:45 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Taheerah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 13:48:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/27 13:48:45 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/27 13:34:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\SpywareBlaster.lnk
[2011/04/06 16:25:12 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/06 16:25:12 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/10/16 09:32:34 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/13 14:22:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\prvlcl.dat
[2010/05/12 13:25:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/11 12:32:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/02 02:02:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/02/28 15:33:09 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/28 15:33:09 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/28 15:33:09 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/28 15:33:09 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/28 15:33:09 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/28 15:33:09 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/28 15:33:09 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/28 15:33:09 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/28 15:33:09 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/28 15:33:09 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/28 15:33:09 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/28 15:33:09 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/28 15:33:09 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/28 15:33:09 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/28 15:33:09 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/02/28 15:33:09 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/28 15:30:22 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2010/02/20 22:53:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2010/02/20 22:45:53 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/02/20 22:45:53 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/11/11 14:37:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/11/10 13:50:08 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/09/27 13:43:12 | 000,052,968 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/31 16:54:02 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/08/31 10:04:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/17 16:10:09 | 009,983,264 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/17 16:10:09 | 000,295,712 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/17 15:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/04 11:42:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/21 19:29:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/12/28 13:50:53 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/12/28 11:07:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/28 11:00:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/28 02:51:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/28 02:50:18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/27 20:33:07 | 000,017,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2006/03/28 15:29:06 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/28 15:28:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 21:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/18 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 04:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 04:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/04/16 16:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/04/27 16:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/05/21 16:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/21 22:59:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/03/19 19:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/04/30 16:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/30 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/21 22:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/20 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2010/02/20 22:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/04/29 14:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/26 00:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/04/06 16:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/11 10:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2009/11/23 03:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/06/19 21:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 11:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/21 23:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/23 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Affilorama
[2011/03/09 19:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\AnvSoft
[2010/12/21 23:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\AVG10
[2010/05/23 17:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\AVG9
[2009/08/31 16:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Blackberry Desktop
[2009/08/21 19:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/03 23:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoftIEHelpers
[2010/07/19 22:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Epson
[2009/11/10 13:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Foxit
[2010/07/26 13:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Foxit Software
[2010/06/04 10:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\FreeAudioPack
[2011/04/09 00:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\IBP
[2011/03/24 19:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\inkscape
[2010/05/28 10:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\InterVideo
[2011/04/30 19:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\IObit
[2010/03/19 19:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Leadertech
[2009/08/31 16:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Research In Motion
[2010/02/20 22:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Smart PDF Converter
[2010/02/20 23:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\SolidDocuments
[2009/08/26 00:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\TuneUp Software
[2010/09/24 00:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/04/29 17:15:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2011/05/01 10:45:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/03/25 03:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 20:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 20:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 20:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 20:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

========== Files - Unicode (All) ==========
[2009/08/17 17:17:20 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/08/17 16:08:00 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF4CCAAD

< End of report >




aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 14:29:35
-----------------------------
14:29:35.390 OS Version: Windows 5.1.2600 Service Pack 3
14:29:35.390 Number of processors: 1 586 0xD08
14:29:35.390 ComputerName: DELL-A0D343AE12 UserName: Taheerah
14:29:36.361 Initialize success
14:29:38.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
14:29:38.765 Disk 0 Vendor: TOSHIBA_MK4026GAX PA102D Size: 38154MB BusType: 3
14:29:38.765 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK4026GAX_______________________PA102D__#5&66ae477&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
14:29:38.765 Device \Driver\atapi -> DriverStartIo 8a553af1
14:29:40.858 Disk 0 MBR read successfully
14:29:40.868 Disk 0 MBR scan
14:29:40.868 Disk 0 unknown MBR code
14:29:42.921 Disk 0 scanning sectors +78140160
14:29:42.921 Disk 0 scanning C:\WINDOWS\system32\drivers
14:29:50.592 File C:\WINDOWS\system32\drivers\snapman.sys TDL3 **ROOTKIT**
14:29:50.592 Disk 0 trace - called modules:
14:29:50.602 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a553ecc]<<
14:29:50.602 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5a1ab8]
14:29:50.602 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a507b08]
14:29:50.602 [0x8a5a3b28] -> IRP_MJ_CREATE -> 0x8a553ecc
14:29:50.602 Scan finished successfully
14:30:15.658 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Taheerah\Desktop\MBR.dat"
14:30:15.668 The log file has been saved successfully to "C:\Documents and Settings\Taheerah\Desktop\aswMBR.txt"

[Render]

Hi,

Let's try with this first:

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button



Save the log as before and post in your next reply

[360nourishment]

Hi,

Unfortunately, I do not have the option to select 'Fix' after my scan. The only button I can press is the 'Fix MBR'.

Please advise.

Thanks

[Render]

Yes. That was actually my mistake. Sorry for that.

We will try with another tool. Please do the following:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[360nourishment]

Hi,

When I ran TDSSKiller, I accidently closed the program out after it identified the rootkit (I didn't get to the second step). When I tried to re-run the program, it said, no infections found? I attempted to reboot my computer and re-ran the program and it said the same thing.

I hope that I didn't royally screw things up!

[Render]

It's OK. Please take a look in your root directory, (usually C:\ folder) for TDK log in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[360nourishment]

Hi,

Ok, please see below...


2011/05/01 15:41:48.0761 5288 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 15:41:49.0382 5288 ================================================================================
2011/05/01 15:41:49.0382 5288 SystemInfo:
2011/05/01 15:41:49.0382 5288
2011/05/01 15:41:49.0382 5288 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/01 15:41:49.0382 5288 Product type: Workstation
2011/05/01 15:41:49.0382 5288 ComputerName: DELL-A0D343AE12
2011/05/01 15:41:49.0382 5288 UserName: Taheerah
2011/05/01 15:41:49.0382 5288 Windows directory: C:\WINDOWS
2011/05/01 15:41:49.0382 5288 System windows directory: C:\WINDOWS
2011/05/01 15:41:49.0382 5288 Processor architecture: Intel x86
2011/05/01 15:41:49.0382 5288 Number of processors: 1
2011/05/01 15:41:49.0382 5288 Page size: 0x1000
2011/05/01 15:41:49.0382 5288 Boot type: Normal boot
2011/05/01 15:41:49.0382 5288 ================================================================================
2011/05/01 15:41:49.0913 5288 Initialize success
2011/05/01 15:41:56.0362 5872 ================================================================================
2011/05/01 15:41:56.0362 5872 Scan started
2011/05/01 15:41:56.0362 5872 Mode: Manual;
2011/05/01 15:41:56.0362 5872 ================================================================================
2011/05/01 15:42:00.0518 5872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/01 15:42:00.0969 5872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/01 15:42:01.0129 5872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/01 15:42:01.0219 5872 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/01 15:42:01.0439 5872 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/05/01 15:42:01.0599 5872 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/05/01 15:42:01.0650 5872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/01 15:42:01.0830 5872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/01 15:42:01.0960 5872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/01 15:42:02.0120 5872 ati2mtag (8eb17cf829df300cc885651cfeaf931c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/01 15:42:02.0210 5872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/01 15:42:02.0290 5872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/01 15:42:02.0421 5872 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/01 15:42:02.0591 5872 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/01 15:42:02.0701 5872 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/01 15:42:02.0751 5872 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/01 15:42:02.0911 5872 BCM43XX (bf84c5cab6392bb4ef01248287f69388) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/01 15:42:02.0991 5872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/01 15:42:03.0202 5872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/01 15:42:03.0292 5872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/01 15:42:03.0382 5872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/01 15:42:03.0462 5872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/01 15:42:03.0602 5872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/01 15:42:03.0672 5872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/01 15:42:03.0803 5872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/01 15:42:03.0933 5872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/01 15:42:04.0023 5872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/01 15:42:04.0093 5872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/01 15:42:04.0143 5872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/01 15:42:04.0223 5872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/01 15:42:04.0273 5872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/01 15:42:04.0353 5872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/01 15:42:04.0394 5872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/01 15:42:04.0454 5872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/01 15:42:04.0604 5872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/01 15:42:04.0674 5872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/01 15:42:04.0734 5872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/01 15:42:04.0814 5872 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/01 15:42:04.0964 5872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/01 15:42:05.0034 5872 GTICARD (5ccb2f5cd9f8b6a7dfd57e5346ee5796) C:\WINDOWS\system32\DRIVERS\gticard.sys
2011/05/01 15:42:05.0115 5872 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
2011/05/01 15:42:05.0205 5872 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/05/01 15:42:05.0315 5872 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/05/01 15:42:05.0435 5872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/01 15:42:05.0705 5872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/01 15:42:05.0816 5872 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/01 15:42:05.0946 5872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/01 15:42:06.0416 5872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/01 15:42:06.0497 5872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/01 15:42:06.0577 5872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/01 15:42:06.0647 5872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/01 15:42:06.0737 5872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/01 15:42:06.0807 5872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/01 15:42:06.0927 5872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/01 15:42:06.0987 5872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/01 15:42:07.0117 5872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/01 15:42:07.0178 5872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/01 15:42:07.0248 5872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/01 15:42:07.0328 5872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/01 15:42:07.0458 5872 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/01 15:42:07.0568 5872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/01 15:42:07.0708 5872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/01 15:42:07.0778 5872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/01 15:42:07.0828 5872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/01 15:42:07.0959 5872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/01 15:42:08.0059 5872 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/01 15:42:08.0149 5872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/01 15:42:08.0239 5872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/01 15:42:08.0339 5872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/01 15:42:08.0409 5872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/01 15:42:08.0529 5872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/01 15:42:08.0770 5872 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/01 15:42:08.0870 5872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/01 15:42:08.0950 5872 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/01 15:42:09.0010 5872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/01 15:42:09.0120 5872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/01 15:42:09.0200 5872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/01 15:42:09.0281 5872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/01 15:42:09.0351 5872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/01 15:42:09.0481 5872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/01 15:42:09.0571 5872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/01 15:42:09.0651 5872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/01 15:42:09.0821 5872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/01 15:42:09.0931 5872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/01 15:42:10.0052 5872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/01 15:42:10.0162 5872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/01 15:42:10.0242 5872 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/01 15:42:10.0362 5872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/01 15:42:10.0502 5872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/01 15:42:10.0642 5872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/01 15:42:10.0733 5872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/01 15:42:10.0793 5872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/01 15:42:10.0833 5872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/01 15:42:11.0123 5872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/01 15:42:11.0163 5872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/01 15:42:11.0183 5872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/01 15:42:11.0233 5872 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/01 15:42:11.0384 5872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/01 15:42:11.0454 5872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/01 15:42:11.0674 5872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/01 15:42:11.0734 5872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/01 15:42:11.0804 5872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/01 15:42:11.0914 5872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/01 15:42:12.0004 5872 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/01 15:42:12.0215 5872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/01 15:42:12.0365 5872 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/01 15:42:12.0445 5872 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/01 15:42:12.0766 5872 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/01 15:42:13.0046 5872 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/01 15:42:13.0086 5872 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/01 15:42:13.0216 5872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/01 15:42:13.0306 5872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/01 15:42:13.0386 5872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/01 15:42:13.0507 5872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/01 15:42:13.0747 5872 snapman (bcac5aebae903d0f082b995d948bf0e4) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/05/01 15:42:13.0747 5872 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\snapman.sys. Real md5: bcac5aebae903d0f082b995d948bf0e4, Fake md5: e78c98378a071ce4d48a7c514fa98fa1
2011/05/01 15:42:13.0757 5872 snapman - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/01 15:42:13.0917 5872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/01 15:42:13.0987 5872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/01 15:42:14.0107 5872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/01 15:42:14.0198 5872 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/01 15:42:14.0298 5872 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\stac97.sys
2011/05/01 15:42:14.0388 5872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/01 15:42:14.0428 5872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/01 15:42:14.0578 5872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/01 15:42:14.0728 5872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/01 15:42:14.0819 5872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/01 15:42:14.0929 5872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/01 15:42:14.0999 5872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/01 15:42:15.0079 5872 tifsfilter (d352fff2a623b916c08ceacbfc8b5c32) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/05/01 15:42:15.0179 5872 timounter (64694b2a5c772e1c61feac300ed90ca6) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/05/01 15:42:15.0259 5872 tiumfwl (7ed11f79540ff1bc2ac12d2ae489474a) C:\WINDOWS\system32\drivers\tiumfwl.sys
2011/05/01 15:42:15.0399 5872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/01 15:42:15.0580 5872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/01 15:42:15.0710 5872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/01 15:42:15.0790 5872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/01 15:42:15.0890 5872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/01 15:42:16.0000 5872 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/01 15:42:16.0090 5872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/01 15:42:16.0200 5872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/01 15:42:16.0311 5872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/01 15:42:16.0421 5872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/01 15:42:16.0561 5872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/01 15:42:16.0811 5872 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/01 15:42:17.0032 5872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/01 15:42:17.0132 5872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/01 15:42:17.0232 5872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/01 15:42:17.0502 5872 ================================================================================
2011/05/01 15:42:17.0502 5872 Scan finished
2011/05/01 15:42:17.0502 5872 ================================================================================
2011/05/01 15:42:17.0522 1560 Detected object count: 1
2011/05/01 15:42:56.0739 1560 snapman (bcac5aebae903d0f082b995d948bf0e4) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/05/01 15:42:56.0739 1560 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\snapman.sys. Real md5: bcac5aebae903d0f082b995d948bf0e4, Fake md5: e78c98378a071ce4d48a7c514fa98fa1
2011/05/01 15:42:57.0099 1560 Backup copy found, using it..
2011/05/01 15:42:57.0119 1560 C:\WINDOWS\system32\DRIVERS\snapman.sys - will be cured after reboot
2011/05/01 15:42:57.0119 1560 Rootkit.Win32.TDSS.tdl3(snapman) - User select action: Cure
2011/05/01 15:43:10.0929 3124 Deinitialize success

[Render]

Seems like TDK successfully removed the main infection. Let's check it:

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[360nourishment]

Hi Render

Here you go...


aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 16:14:03
-----------------------------
16:14:03.639 OS Version: Windows 5.1.2600 Service Pack 3
16:14:03.639 Number of processors: 1 586 0xD08
16:14:03.639 ComputerName: DELL-A0D343AE12 UserName: Taheerah
16:14:04.681 Initialize success
16:14:19.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:14:19.602 Disk 0 Vendor: TOSHIBA_MK4026GAX PA102D Size: 38154MB BusType: 3
16:14:21.715 Disk 0 MBR read successfully
16:14:21.715 Disk 0 MBR scan
16:14:21.715 Disk 0 unknown MBR code
16:14:23.718 Disk 0 scanning sectors +78140160
16:14:23.718 Disk 0 scanning C:\WINDOWS\system32\drivers
16:14:31.760 Service scanning
16:14:32.801 Disk 0 trace - called modules:
16:14:32.861 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
16:14:32.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5c6ab8]
16:14:32.871 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5fb940]
16:14:32.871 Scan finished successfully
16:14:59.560 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Taheerah\Desktop\MBR.dat"
16:14:59.620 The log file has been saved successfully to "C:\Documents and Settings\Taheerah\Desktop\aswMBR.txt"

[Render]

This looks good from logs. Please check for redirects and do the following.

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

• On the first tab select all elements down to Computer and then select start scan
• Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

• Select the Manual Disinfection tab
• Press the Gather System Information button
• Once done Open the last report saved folder then attach the zip file to your next post zip
• The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

How to add an attachment to a new topic or reply

[360nourishment]

Hi,

Below is what I received after I ran an Autoscan

Autoscan: completed 4 minutes ago (events: 2, objects: 152503, time: 01:10:37)

5/1/2011 5:09:18 PM Task started
5/1/2011 6:19:57 PM Task completed


Attached is the zip file from my Manual scan.

Attached Files

•  avptool_sysinfo.zip   21.55KB   105 downloads

[Render]

Thank you. Are you still getting the redirects?

On your desktop should be a file MBR.dat. Please go to http://virustotal.com, hit the Browse button then point it at your desktop and the file MBR.dat and then Open. Then hit Send file and then Reanalyse. It will query about 40 anti-virus companies and ask their opinion of the file. IF it doesn't say 0/40 or so please copy the report and paste it into a reply.

[360nourishment]

Hi Render,

No, I am no getting any more redirects. The result of the analysis is 0/42.