Google Redirect (Another sadly)


  • This topic is locked

#1 Tryo (Member, 14 posts)
Seems this is a common problem that I unfortunately had to come across. It affects both IE and Firefox. I have tried my anti-virus software but cannot find anything; in addition, my Microsoft Security Essentials does not load and seems to be locked out despite what I try. Hope you guys can help.

OTL Log File:

OTL logfile created on: 6/30/2011 3:29:40 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Christian\Desktop\Anti
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 82.68% Memory free
5.34 Gb Paging File | 5.02 Gb Available in Paging File | 93.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 2.18 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive D: | 319.27 Gb Total Space | 0.12 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Drive G: | 1.89 Gb Total Space | 0.16 Gb Free Space | 8.46% Space Free | Partition Type: FAT
Drive H: | 1.89 Gb Total Space | 0.27 Gb Free Space | 14.40% Space Free | Partition Type: FAT

Computer Name: KRALLE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 15:27:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\Anti\OTL.exe
PRC - [2010/11/09 19:20:08 | 000,529,744 | ---- | M] (Sunbelt Software) -- C:\VIPRERESCUE\VipreRescueScanner.exe
PRC - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 01:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2005/06/02 02:34:34 | 000,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2002/06/27 01:21:30 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/27 01:20:58 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 04:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 15:27:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\Anti\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2002/03/15 16:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/09/03 21:05:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/02/16 01:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 03:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/12/12 10:50:04 | 000,647,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/26 18:25:14 | 000,207,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/08/26 18:24:06 | 000,675,840 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/08/26 18:22:34 | 001,041,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...16&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 13:17:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 03:19:15 | 000,000,000 | ---D | M]

[2009/10/23 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Extensions
[2011/05/08 03:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\sy56kv78.default\extensions
[2011/02/16 12:43:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\sy56kv78.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/08 03:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\sy56kv78.default\extensions\nostmp
[2011/05/08 02:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/26 01:32:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/25 13:17:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/26 01:31:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/08 03:19:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/30 14:14:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AIM] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WinDriver = C:\Documents and Settings\Christian\Application Data\WinDriver.exe
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230948972421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1230950844671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Christian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/02 03:01:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{25654be7-6d2b-11e0-b868-00111104630d}\Shell - "" = AutoRun
O33 - MountPoints2\{25654be7-6d2b-11e0-b868-00111104630d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25654be7-6d2b-11e0-b868-00111104630d}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O33 - MountPoints2\{e68aea1b-7c74-11df-b962-00111104630d}\Shell - "" = AutoRun
O33 - MountPoints2\{e68aea1b-7c74-11df-b962-00111104630d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e68aea1b-7c74-11df-b962-00111104630d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 14:35:28 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/30 14:35:28 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/06/30 14:35:15 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/06/30 14:14:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/30 14:11:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Christian\Recent
[2011/06/30 13:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Christian\Start Menu\Programs\Administrative Tools
[2011/06/30 13:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian\Desktop\Anti
[2011/06/30 11:27:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/29 01:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian\Desktop\Workout
[2009/01/02 21:17:39 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/06/30 15:07:48 | 007,567,904 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/06/30 15:03:06 | 403,640,864 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/06/30 14:35:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/06/30 14:27:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/30 14:27:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 14:27:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/30 14:27:10 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\KQALM.job
[2011/06/30 14:27:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 14:26:00 | 000,713,576 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/06/30 14:25:59 | 005,412,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/06/30 14:14:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/30 14:13:14 | 000,007,052 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\cc_20110630_141309.reg
[2011/06/30 14:09:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/29 23:03:12 | 000,311,188 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\cc_20110629_230302.reg
[2011/06/29 22:47:43 | 000,155,648 | RHS- | M] () -- C:\WINDOWS\System32\divxdecc.dll
[2011/06/29 03:32:31 | 000,232,448 | ---- | M] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 22:13:30 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\Fibrocell Science Contact Us.URL
[2011/06/16 04:30:39 | 000,057,731 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 3.htm
[2011/06/15 03:30:23 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 03:30:23 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/14 04:28:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/14 03:23:23 | 000,051,788 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\steph.htm
[2011/06/08 05:55:59 | 000,184,032 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 2.htm
[2011/06/07 02:29:18 | 000,147,565 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff.htm
[2011/06/03 14:20:09 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\Hair Cuttery.htm

========== Files Created - No Company Name ==========

[2011/06/30 14:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/06/30 14:13:11 | 000,007,052 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\cc_20110630_141309.reg
[2011/06/30 11:33:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/29 23:03:05 | 000,311,188 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\cc_20110629_230302.reg
[2011/06/29 22:47:43 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\KQALM.job
[2011/06/29 22:47:42 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\divxdecc.dll
[2011/06/23 22:13:30 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\Fibrocell Science Contact Us.URL
[2011/06/16 03:33:10 | 000,057,731 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 3.htm
[2011/06/14 02:07:17 | 000,051,788 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\steph.htm
[2011/06/08 02:55:44 | 000,184,032 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 2.htm
[2011/06/06 18:15:20 | 000,147,565 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff.htm
[2011/06/03 14:20:09 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\Hair Cuttery.htm
[2011/01/04 02:27:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/01/04 02:27:00 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/26 01:58:26 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/24 22:58:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/14 16:22:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/12 12:45:03 | 403,640,864 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/12 12:45:03 | 007,567,904 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/03/25 14:26:29 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2009/03/25 14:26:27 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/03/25 14:19:03 | 000,027,807 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2009/03/25 14:19:03 | 000,007,765 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009/01/07 15:44:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/02 22:29:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/02 22:00:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/02 21:18:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/01/02 21:18:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/01/02 21:18:04 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/01/02 21:17:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2009/01/02 21:17:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/01/02 21:17:38 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2009/01/02 21:17:32 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2009/01/02 21:17:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2009/01/02 20:05:10 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 03:04:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/02 02:59:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/01 21:57:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/01 21:56:17 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2003/12/12 10:40:50 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/07/16 12:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/29 09:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010/12/24 20:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/01/09 19:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/09/03 21:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/05 22:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/07/12 12:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/12/26 01:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/04/11 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/02 22:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Aim
[2011/06/30 11:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Azureus
[2010/12/24 20:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Braid
[2009/05/14 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/03 21:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\DAEMON Tools Lite
[2010/11/17 00:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\mp3rocket
[2011/01/14 03:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Notepad++
[2010/09/13 01:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\OpenOffice.org
[2011/01/07 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Rovio
[2011/03/18 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\spiral
[2010/05/02 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\uTorrent
[2009/02/08 14:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Viewpoint
[2009/01/12 22:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Xilisoft Corporation
[2009/06/26 14:28:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1238005596.job
[2011/06/30 14:27:10 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\Tasks\KQALM.job
[2011/06/30 14:09:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/30 14:27:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's see if we can kill this together.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WinDriver = C:\Documents and Settings\Christian\Application Data\WinDriver.exe
    [2011/06/30 14:27:10 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\KQALM.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
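What the fix above targets, as an added example that is not part of the original thread and not Essexboy's or OldTimer's code: a small Python triage script that scans OTL log lines for the indicators his script removes. It flags a program started from the policies\Explorer\Run key (a policy-driven logon autostart that ordinary startup views such as msconfig do not list), a scheduled-task .job file marked both hidden and system (Windows' own MP Scheduled Scan.job is hidden only), a protected anti-malware service left Disabled (which matches the report that Security Essentials would not load), and any hosts entry that points somewhere other than loopback. It also correlates file-creation timestamps, which in the first log puts divxdecc.dll (RHS-, in System32) within one second of KQALM.job. The sample input is copied from the log above; the service names other than MsMpSvc, the five-second window, and the otl_triage.py file name are my assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: seven lines copied verbatim from the first OTL log in this
# thread (not the whole log), so the triage can run offline.
SAMPLE_LOG = r"""
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WinDriver = C:\Documents and Settings\Christian\Application Data\WinDriver.exe
[2011/06/30 11:33:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/29 22:47:43 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\KQALM.job
[2011/06/29 22:47:42 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\divxdecc.dll
"""

# Services whose "Disabled" state is itself an indicator (OTL's short names in
# parentheses). MsMpSvc is on the page; the other two are assumed additions.
PROTECTED_SERVICES = {"MsMpSvc", "MBAMService", "WinDefend"}

# OTL dated entry: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| ([RHSD-]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (.+)$"
)
# OTL service line: ... [StartType | State] -- path -- (ServiceName)
SRV_RE = re.compile(r"^SRV - .*\[(\w+) \| \w+\].*\((\w+)\)\s*$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
# O6 (HKLM) / O7 (HKCU) policy Run values: ...\policies\Explorer\Run: Name = path
POLICY_RUN_RE = re.compile(r"^O[67] - (HK\w+)\\.*\\policies\\Explorer\\Run: (.+)$")


def parse_file_entries(lines):
    """Yield (timestamp, attrs, path) for every dated file/folder entry."""
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2), m.group(3)


def triage(log_text, window=timedelta(seconds=5)):
    """Return (severity, category, detail) findings for one OTL log."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    findings = []

    for line in lines:
        m = POLICY_RUN_RE.match(line)
        if m:
            findings.append(("high", "policy-run-autostart",
                             f"{m.group(1)} policies\\Explorer\\Run -> {m.group(2)}"))
        m = SRV_RE.match(line)
        if m and m.group(1) == "Disabled" and m.group(2) in PROTECTED_SERVICES:
            findings.append(("high", "security-service-disabled", m.group(2)))
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in ("127.0.0.1", "::1"):
            findings.append(("medium", "hosts-redirect", f"{m.group(2)} -> {m.group(1)}"))

    entries = list(parse_file_entries(lines))
    # A .job file that is both hidden and system is unusual; Windows' own tasks
    # (MP Scheduled Scan.job in the sample) are hidden but not system.
    tasks = [(ts, path) for ts, attrs, path in entries
             if path.lower().endswith(".job") and "H" in attrs and "S" in attrs]
    for ts, task in tasks:
        findings.append(("high", "hidden-system-task", task))
        # Anything created within `window` of the task is probably the same
        # installer's work, i.e. the payload the task launches.
        for ots, oattrs, opath in entries:
            if opath != task and abs(ots - ts) <= window:
                findings.append(("medium", "created-with-task",
                                 f"{opath} ({oattrs}) {abs(ots - ts).seconds}s from {task}"))
    return findings


if __name__ == "__main__":
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    for sev, cat, detail in triage(text):
        print(f"[{sev:<6}] {cat:<26} {detail}")
```

Run it as `python otl_triage.py OTL.txt` against a saved log, or with no argument to see the four findings the sample produces. The output is triage, not a verdict: it tells you which lines to read first, and a second OTL run after a fix confirms that the flagged items are gone.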

#3 Tryo (Topic Starter, Member, 14 posts)
Thanks for the prompt assistance. The first step with the OTL script seems to have unlocked Microsoft Security Essentials (it shows up on the taskbar now), but I did not attempt to open it. Here are the logs:


New OTL:

OTL logfile created on: 6/30/2011 4:48:53 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Christian\Desktop\Anti
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 88.22% Memory free
5.34 Gb Paging File | 5.13 Gb Available in Paging File | 95.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 2.23 Gb Free Space | 1.52% Space Free | Partition Type: NTFS
Drive D: | 319.27 Gb Total Space | 0.12 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Drive G: | 1.89 Gb Total Space | 0.16 Gb Free Space | 8.35% Space Free | Partition Type: FAT
Drive H: | 1.89 Gb Total Space | 0.27 Gb Free Space | 14.40% Space Free | Partition Type: FAT

Computer Name: KRALLE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 15:27:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\Anti\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 01:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/02 02:34:34 | 000,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2002/06/27 01:21:30 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/27 01:20:58 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 04:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 15:27:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\Anti\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2002/03/15 16:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/03 21:05:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/02/16 01:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 03:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/12/12 10:50:04 | 000,647,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/26 18:25:14 | 000,207,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/08/26 18:24:06 | 000,675,840 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/08/26 18:22:34 | 001,041,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...16&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 13:17:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 03:19:15 | 000,000,000 | ---D | M]

[2009/10/23 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Extensions
[2011/05/08 03:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\sy56kv78.default\extensions
[2011/02/16 12:43:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\sy56kv78.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/08 03:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\sy56kv78.default\extensions\nostmp
[2011/05/08 02:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/26 01:32:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/25 13:17:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/26 01:31:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/08 03:19:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/30 16:46:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AIM] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230948972421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1230950844671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Christian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/02 03:01:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{25654be7-6d2b-11e0-b868-00111104630d}\Shell - "" = AutoRun
O33 - MountPoints2\{25654be7-6d2b-11e0-b868-00111104630d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25654be7-6d2b-11e0-b868-00111104630d}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O33 - MountPoints2\{e68aea1b-7c74-11df-b962-00111104630d}\Shell - "" = AutoRun
O33 - MountPoints2\{e68aea1b-7c74-11df-b962-00111104630d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e68aea1b-7c74-11df-b962-00111104630d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 16:46:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 16:45:04 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Christian\Desktop\aswMBR.exe
[2011/06/30 14:35:28 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/30 14:35:28 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/06/30 14:11:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Christian\Recent
[2011/06/30 13:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Christian\Start Menu\Programs\Administrative Tools
[2011/06/30 13:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian\Desktop\Anti
[2011/06/30 11:27:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/29 01:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian\Desktop\Workout
[2009/01/02 21:17:39 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/06/30 16:48:46 | 007,570,464 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/06/30 16:48:39 | 403,682,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/06/30 16:48:16 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/30 16:48:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 16:48:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/30 16:47:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 16:46:51 | 000,713,888 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/06/30 16:46:50 | 005,412,704 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/06/30 16:46:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/30 16:43:24 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Christian\Desktop\aswMBR.exe
[2011/06/30 14:13:14 | 000,007,052 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\cc_20110630_141309.reg
[2011/06/30 14:09:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/29 23:03:12 | 000,311,188 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\cc_20110629_230302.reg
[2011/06/29 22:47:43 | 000,155,648 | RHS- | M] () -- C:\WINDOWS\System32\divxdecc.dll
[2011/06/29 03:32:31 | 000,232,448 | ---- | M] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 22:13:30 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\Fibrocell Science Contact Us.URL
[2011/06/16 04:30:39 | 000,057,731 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 3.htm
[2011/06/15 03:30:23 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 03:30:23 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/14 04:28:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/14 03:23:23 | 000,051,788 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\steph.htm
[2011/06/08 05:55:59 | 000,184,032 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 2.htm
[2011/06/07 02:29:18 | 000,147,565 | ---- | M] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff.htm
[2011/06/03 14:20:09 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\Hair Cuttery.htm

========== Files Created - No Company Name ==========

[2011/06/30 14:13:11 | 000,007,052 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\cc_20110630_141309.reg
[2011/06/30 11:33:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/29 23:03:05 | 000,311,188 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\cc_20110629_230302.reg
[2011/06/29 22:47:42 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\divxdecc.dll
[2011/06/23 22:13:30 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\Fibrocell Science Contact Us.URL
[2011/06/16 03:33:10 | 000,057,731 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 3.htm
[2011/06/14 02:07:17 | 000,051,788 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\steph.htm
[2011/06/08 02:55:44 | 000,184,032 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff 2.htm
[2011/06/06 18:15:20 | 000,147,565 | ---- | C] () -- C:\Documents and Settings\Christian\My Documents\new liz keith stuff.htm
[2011/06/03 14:20:09 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\Hair Cuttery.htm
[2011/01/04 02:27:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/01/04 02:27:00 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/26 01:58:26 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/24 22:58:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/14 16:22:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/12 12:45:03 | 403,682,080 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/12 12:45:03 | 007,570,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/03/25 14:26:29 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2009/03/25 14:26:27 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/03/25 14:19:03 | 000,027,807 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2009/03/25 14:19:03 | 000,007,765 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009/01/07 15:44:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/02 22:29:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/02 22:00:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/02 21:18:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/01/02 21:18:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/01/02 21:18:04 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/01/02 21:17:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2009/01/02 21:17:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/01/02 21:17:38 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2009/01/02 21:17:32 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2009/01/02 21:17:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2009/01/02 20:05:10 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 03:04:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/02 02:59:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/01 21:57:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/01 21:56:17 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2003/12/12 10:40:50 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/07/16 12:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/29 09:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010/12/24 20:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/01/09 19:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/09/03 21:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/05 22:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/07/12 12:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/12/26 01:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/04/11 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/02 22:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Aim
[2011/06/30 11:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Azureus
[2010/12/24 20:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Braid
[2009/05/14 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/03 21:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\DAEMON Tools Lite
[2010/11/17 00:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\mp3rocket
[2011/01/14 03:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Notepad++
[2010/09/13 01:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\OpenOffice.org
[2011/01/07 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Rovio
[2011/03/18 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\spiral
[2010/05/02 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\uTorrent
[2009/02/08 14:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Viewpoint
[2009/01/12 22:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Xilisoft Corporation
[2009/06/26 14:28:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1238005596.job
[2011/06/30 14:09:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/30 16:48:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >




And aswMBR

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-30 16:53:00
-----------------------------
16:53:00.343 OS Version: Windows 5.1.2600 Service Pack 3
16:53:00.343 Number of processors: 2 586 0x209
16:53:00.343 ComputerName: KRALLE UserName:
16:53:01.031 Initialize success
16:54:29.203 AVAST engine defs: 11063000
16:54:36.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
16:54:36.703 Disk 0 Vendor: WDC_WD5000AACS-00D0B0 01.01B01 Size: 476940MB BusType: 3
16:54:36.703 Disk 0 MBR read error 0
16:54:36.703 Disk 0 MBR scan
16:54:36.703 Disk 0 unknown MBR code
16:54:36.703 MBR BIOS signature not found 0
16:54:36.703 Disk 0 scanning sectors +976752000
16:54:36.703 Disk 0 scanning C:\WINDOWS\system32\drivers
16:54:48.171 Service scanning
16:54:49.093 Disk 0 trace - called modules:
16:54:49.093 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys splt.sys hal.dll >>UNKNOWN [0x8b135938]<<
16:54:49.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0f7ab8]
16:54:49.093 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b0cfb00]
16:54:51.140 AVAST engine scan C:\WINDOWS
16:56:29.546 AVAST engine scan C:\Documents and Settings\Christian
16:56:29.562 AVAST engine scan C:\Documents and Settings\All Users
16:56:29.562 Scan finished successfully
16:56:37.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Christian\Desktop\MBR.dat"
16:56:37.984 The log file has been saved successfully to "C:\Documents and Settings\Christian\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MBR has a suspicious look about it so....


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5
Tryo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
TDSSKiller did not find anything other than the suspicious sptd.sys file. Here is the log:

2011/06/30 17:03:24.0750 1728 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 17:03:26.0750 1728 ================================================================================
2011/06/30 17:03:26.0750 1728 SystemInfo:
2011/06/30 17:03:26.0750 1728
2011/06/30 17:03:26.0750 1728 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/30 17:03:26.0750 1728 Product type: Workstation
2011/06/30 17:03:26.0750 1728 ComputerName: KRALLE
2011/06/30 17:03:26.0750 1728 UserName: Christian
2011/06/30 17:03:26.0750 1728 Windows directory: C:\WINDOWS
2011/06/30 17:03:26.0750 1728 System windows directory: C:\WINDOWS
2011/06/30 17:03:26.0750 1728 Processor architecture: Intel x86
2011/06/30 17:03:26.0750 1728 Number of processors: 2
2011/06/30 17:03:26.0750 1728 Page size: 0x1000
2011/06/30 17:03:26.0750 1728 Boot type: Normal boot
2011/06/30 17:03:26.0750 1728 ================================================================================
2011/06/30 17:03:28.0203 1728 Initialize success
2011/06/30 17:03:29.0937 2644 ================================================================================
2011/06/30 17:03:29.0937 2644 Scan started
2011/06/30 17:03:29.0937 2644 Mode: Manual;
2011/06/30 17:03:29.0937 2644 ================================================================================
2011/06/30 17:03:31.0187 2644 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/30 17:03:31.0250 2644 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/30 17:03:31.0312 2644 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/30 17:03:31.0359 2644 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/30 17:03:31.0390 2644 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/06/30 17:03:31.0437 2644 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/30 17:03:31.0671 2644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/30 17:03:31.0718 2644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/30 17:03:31.0796 2644 ati2mtag (b9aa7785f472a658436676cdaafc94da) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/30 17:03:31.0875 2644 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/30 17:03:31.0921 2644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/30 17:03:31.0968 2644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/30 17:03:32.0031 2644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/30 17:03:32.0093 2644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/30 17:03:32.0140 2644 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/30 17:03:32.0187 2644 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/30 17:03:32.0359 2644 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/30 17:03:32.0406 2644 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/30 17:03:32.0484 2644 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/30 17:03:32.0531 2644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/30 17:03:32.0562 2644 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/30 17:03:32.0625 2644 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/30 17:03:32.0656 2644 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/30 17:03:32.0718 2644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/30 17:03:32.0765 2644 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/30 17:03:32.0781 2644 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/30 17:03:32.0812 2644 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/30 17:03:32.0875 2644 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/30 17:03:32.0906 2644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/30 17:03:33.0078 2644 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/30 17:03:33.0109 2644 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/30 17:03:33.0156 2644 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/30 17:03:33.0187 2644 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/30 17:03:33.0265 2644 HPZid412 (d3eaa6f63fff759d36f8b7adc0b52b7d) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/30 17:03:33.0281 2644 HPZipr12 (8b34661cd899e9274395d5f9ceef725e) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/30 17:03:33.0328 2644 HPZius12 (8c5b5566bbc78d6aedad44e92dbd878e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/30 17:03:33.0375 2644 HSFHWBS2 (e53970b0d5614f0b1220e35052828cc3) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/06/30 17:03:33.0421 2644 HSF_DP (7129d0662665b2442898a0ef8fc85bb5) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/30 17:03:33.0515 2644 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/30 17:03:33.0578 2644 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/30 17:03:33.0609 2644 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/30 17:03:33.0703 2644 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/30 17:03:33.0734 2644 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/30 17:03:33.0765 2644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/30 17:03:33.0812 2644 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/30 17:03:33.0843 2644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/30 17:03:33.0875 2644 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/30 17:03:33.0921 2644 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/30 17:03:33.0968 2644 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/30 17:03:34.0015 2644 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/30 17:03:34.0062 2644 KLIF (52b115b2be8987038d56b3b2aeb445f5) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/06/30 17:03:34.0109 2644 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/30 17:03:34.0171 2644 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/30 17:03:34.0234 2644 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/30 17:03:34.0281 2644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/30 17:03:34.0328 2644 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/30 17:03:34.0343 2644 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/30 17:03:34.0375 2644 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/30 17:03:34.0390 2644 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/30 17:03:34.0437 2644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/30 17:03:34.0484 2644 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/30 17:03:34.0750 2644 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/30 17:03:34.0796 2644 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/30 17:03:34.0843 2644 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/30 17:03:34.0906 2644 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/30 17:03:34.0921 2644 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/30 17:03:34.0937 2644 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/30 17:03:34.0984 2644 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/30 17:03:35.0015 2644 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/30 17:03:35.0062 2644 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/30 17:03:35.0093 2644 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/30 17:03:35.0109 2644 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/30 17:03:35.0125 2644 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/30 17:03:35.0187 2644 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/30 17:03:35.0218 2644 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/30 17:03:35.0281 2644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/30 17:03:35.0359 2644 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/30 17:03:35.0406 2644 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/30 17:03:35.0468 2644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/30 17:03:35.0500 2644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/30 17:03:35.0531 2644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/30 17:03:35.0578 2644 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/06/30 17:03:35.0656 2644 P16X (13026e137486d916a0677d276144ea7f) C:\WINDOWS\system32\drivers\P16X.sys
2011/06/30 17:03:35.0734 2644 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/30 17:03:35.0796 2644 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/30 17:03:35.0828 2644 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/30 17:03:35.0875 2644 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/30 17:03:35.0937 2644 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/30 17:03:35.0984 2644 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/30 17:03:36.0140 2644 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/06/30 17:03:36.0203 2644 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/30 17:03:36.0218 2644 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/30 17:03:36.0265 2644 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/30 17:03:36.0281 2644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/30 17:03:36.0406 2644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/30 17:03:36.0421 2644 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/30 17:03:36.0468 2644 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/30 17:03:36.0484 2644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/30 17:03:36.0515 2644 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/30 17:03:36.0546 2644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/30 17:03:36.0578 2644 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/30 17:03:36.0609 2644 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/30 17:03:36.0640 2644 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/30 17:03:36.0734 2644 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/06/30 17:03:36.0796 2644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/30 17:03:36.0828 2644 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/30 17:03:36.0875 2644 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/30 17:03:36.0921 2644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/30 17:03:37.0015 2644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/30 17:03:37.0078 2644 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/30 17:03:37.0078 2644 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/30 17:03:37.0078 2644 sptd - detected LockedFile.Multi.Generic (1)
2011/06/30 17:03:37.0109 2644 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/30 17:03:37.0171 2644 srescan (bb1cc49b817d2551eb321f4a9afb7d8c) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/06/30 17:03:37.0234 2644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/30 17:03:37.0296 2644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/30 17:03:37.0328 2644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/30 17:03:37.0437 2644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/30 17:03:37.0500 2644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/30 17:03:37.0562 2644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/30 17:03:37.0593 2644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/30 17:03:37.0625 2644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/30 17:03:37.0718 2644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/30 17:03:37.0781 2644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/30 17:03:37.0843 2644 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/30 17:03:37.0875 2644 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/30 17:03:37.0906 2644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/30 17:03:37.0953 2644 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/30 17:03:37.0968 2644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/30 17:03:38.0015 2644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/30 17:03:38.0078 2644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/30 17:03:38.0109 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/30 17:03:38.0156 2644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/30 17:03:38.0203 2644 vsdatant (13a225a31f8d64a395373e9434d2d1ab) C:\WINDOWS\system32\vsdatant.sys
2011/06/30 17:03:38.0265 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/30 17:03:38.0312 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/30 17:03:38.0375 2644 winachsf (292b0bba146793a7937d9849bddb4298) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/30 17:03:38.0500 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/30 17:03:38.0531 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/30 17:03:38.0562 2644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/30 17:03:38.0734 2644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
2011/06/30 17:03:38.0843 2644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR7
2011/06/30 17:03:38.0937 2644 Boot (0x1200) (5af88b25e0b57007cea5921ce1cbaa7b) \Device\Harddisk0\DR0\Partition0
2011/06/30 17:03:38.0968 2644 Boot (0x1200) (4d1125c546a3c86c35d8da259ff753aa) \Device\Harddisk0\DR0\Partition1
2011/06/30 17:03:38.0968 2644 Boot (0x1200) (076835f1298e3662cb6e8777de93af03) \Device\Harddisk1\DR3\Partition0
2011/06/30 17:03:38.0984 2644 Boot (0x1200) (5ad7e9b472fcb22584085c0cf70aef03) \Device\Harddisk2\DR7\Partition0
2011/06/30 17:03:39.0000 2644 ================================================================================
2011/06/30 17:03:39.0000 2644 Scan finished
2011/06/30 17:03:39.0000 2644 ================================================================================
2011/06/30 17:03:39.0015 1984 Detected object count: 1
2011/06/30 17:03:39.0015 1984 Actual detected object count: 1
2011/06/30 17:03:42.0062 1984 LockedFile.Multi.Generic(sptd) - User select action: Skip
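A small triage script for the TDSSKiller log format posted above, added here as an example and not code from the thread or from TDSSKiller itself: it pulls out each detection line, the action the user chose for it, whether the scanner could read the file, and the per-disk MBR hashes, over a constructed excerpt with placeholder md5 values (the function names are my own).

```python
import re

# Constructed excerpt in the TDSSKiller log layout seen in this thread; the md5 values are placeholders.
SAMPLE_LOG = """\
2011/06/30 17:03:37.0078 2644 sptd (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2011/06/30 17:03:37.0078 2644 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
2011/06/30 17:03:37.0078 2644 sptd - detected LockedFile.Multi.Generic (1)
2011/06/30 17:03:38.0562 2644 MBR (0x1B8) (cccccccccccccccccccccccccccccccc) \\Device\\Harddisk0\\DR0
2011/06/30 17:03:38.0734 2644 MBR (0x1B8) (cccccccccccccccccccccccccccccccc) \\Device\\Harddisk1\\DR3
2011/06/30 17:03:38.0843 2644 MBR (0x1B8) (dddddddddddddddddddddddddddddddd) \\Device\\Harddisk2\\DR7
2011/06/30 17:03:42.0062 1984 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Every line is "date time pid message"; the patterns below classify the message part.
PREFIX = re.compile(r"^\S+ \S+ \d+ (?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPECT = re.compile(r"^Suspicious file \((?P<why>\w+)\): (?P<path>.+)\. md5: [0-9a-f]{32}$")
DETECT = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<verdict>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
MBR = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")

def triage(log_text):
    """Return {driver: detection info incl. the action the user chose} and {disk: MBR md5}."""
    drivers, locked, detections, mbr = {}, set(), {}, {}
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        msg = m["msg"] if m else ""
        if d := DRIVER.match(msg):
            drivers[d["name"]] = {"md5": d["md5"], "path": d["path"]}
        elif s := SUSPECT.match(msg):
            # NoAccess = the scanner could not read the file; that is what LockedFile.Multi.Generic reports,
            # and on its own it is not a malware identification.
            if s["why"] == "NoAccess":
                locked.add(s["path"])
        elif d := DETECT.match(msg):
            info = drivers.get(d["name"], {})
            detections[d["name"]] = {"verdict": d["verdict"], "action": None, "locked": info.get("path") in locked, **info}
        elif (a := ACTION.match(msg)) and a["name"] in detections:
            detections[a["name"]]["action"] = a["action"]
        elif b := MBR.match(msg):
            mbr[b["dev"]] = b["md5"]
    return detections, mbr

def review(detections, mbr):
    """Findings to read first: each detection with its chosen action, plus any disk whose MBR hashes differently."""
    notes = [f"{n}: {d['verdict']} at {d.get('path')} (locked={d['locked']}, action={d['action']})" for n, d in detections.items()]
    if len(set(mbr.values())) > 1:
        # An outlier MBR is worth a second look; it is not by itself proof of a bootkit.
        common = max(mbr.values(), key=list(mbr.values()).count)
        notes += [f"MBR on {dev} differs from the other disks" for dev, h in mbr.items() if h != common]
    return notes
```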

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now update and run Malwarebytes please and post the resultant log... Also could you check for redirects :)

#7
Tryo

    Member

  • Topic Starter
  • Member
  • 14 posts
Will do. I will also run Security Essentials unless otherwise told.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, sounds cool - only a quick scan is required with Malwarebytes

#9
Tryo

    Member

  • Topic Starter
  • Member
  • 14 posts
Found nothing with the virus scans and no signs of redirects with Firefox or IE.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/30/2011 5:18:12 PM
mbam-log-2011-06-30 (17-18-12).txt

Scan type: Quick scan
Objects scanned: 147051
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Let me know if there is anything else or other scans I should do. Otherwise thanks for the quick and speedy help. It is very appreciated.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date, visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :unsure:

#11
Tryo

    Member

  • Topic Starter
  • Member
  • 14 posts
Once again thanks for the help, tips and recommendations. I will check back in at 24 hours and hopefully my computer will still be clean.

Once again thanks.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure :)

#13
Tryo

    Member

  • Topic Starter
  • Member
  • 14 posts
About 24 hours later and so far everything is working fine with no problems. Thanks once again.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.