
Typing resizes my windows



#1
jpe228

My current problem on my work computer happens once or twice a day and makes working somewhat difficult.

The computer works normally for at least an hour, and then something happens that typing in anything adds a host of commands. It usually begins when I am typing, and has occurred the last few times at the letter "c."
Typing "c" restores all windows that I have open to the same size and tiles them in my monitor.
Typing "p" expands the window I am working in across my two monitors.
Typing "e" restores the window that I am working in to one screen, but only if it has been "P" maximized.
Sometimes but not consistently, "c" changes the window I am working in to a different one, which is difficult if I am typing a sentence, as I can't type continuously like I am now (albeit with constant window sizing issues).

These problems occur consistently for about an hour and then the computer goes back to normal. Sometimes this happens again later.
Restarting fixes this temporarily, but only for a few hours, when the error begins again.

I literally have no idea what the problem is (hardware, software, spyware...) or how to go about fixing it. One of our IT guys saw my computer doing this the other day and offered "How do you get any work done when it's like that?" but alas, no expert advice.

I ran the OTL scan today, and I pasted the log below.

OTL logfile created on: 8/16/2011 12:28:24 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\jennifer.engeleit\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.43% Memory free
3.81 Gb Paging File | 2.51 Gb Available in Paging File | 65.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.41 Gb Free Space | 30.65% Space Free | Partition Type: NTFS
Drive X: | 298.02 Gb Total Space | 259.44 Gb Free Space | 87.05% Space Free | Partition Type: FAT

Computer Name: OM-4510 | User Name: jennifer.engeleit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 09:49:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.engeleit\My Documents\Downloads\OTL.exe
PRC - [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/27 19:03:16 | 000,165,088 | ---- | M] (Fieldston Software) -- C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe
PRC - [2011/07/20 20:10:52 | 005,263,968 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2011/06/29 08:56:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/16 23:26:08 | 020,759,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2010/07/21 17:39:20 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\U2VSvr.exe
PRC - [2010/07/21 17:38:10 | 000,770,048 | ---- | M] (Magic Control Technology Corporation) -- C:\WINDOWS\system32\MTri1+.exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/09/22 22:22:14 | 000,315,736 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
PRC - [2009/09/18 18:03:08 | 000,138,792 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
PRC - [2009/02/19 11:56:40 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/19 11:56:36 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\lms.exe
PRC - [2008/12/11 20:53:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/11 20:53:40 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 09:49:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.engeleit\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/10 11:54:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/21 17:39:20 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\U2VSvr.exe -- (U2VSvr)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/22 22:22:14 | 000,315,736 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
SRV - [2009/09/18 18:03:08 | 000,138,792 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
SRV - [2009/02/19 11:56:40 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/02/19 11:56:36 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\lms.exe -- (LMS) Intel®
SRV - [2008/12/11 20:53:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/02/09 16:40:06 | 000,223,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/01/26 19:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/13 18:04:52 | 000,111,104 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t1pusb.sys -- (t1pusb)
DRV - [2010/01/20 14:37:06 | 000,030,720 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys -- (T1PMrGrp)
DRV - [2010/01/20 14:37:06 | 000,030,080 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\T1PExGrp.sys -- (T1PExGrp)
DRV - [2009/09/14 15:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/03 17:24:40 | 000,024,848 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2009/09/01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/04 22:03:40 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/12/29 21:34:52 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/08/27 18:09:10 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/05/23 17:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/13 13:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/13 13:26:38 | 000,000,000 | ---D | M]

[2011/02/10 10:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer.engeleit\Application Data\Mozilla\Extensions
[2011/08/01 13:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer.engeleit\Application Data\Mozilla\Firefox\Profiles\orfi2m48.default\extensions
[2011/02/11 12:01:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jennifer.engeleit\Application Data\Mozilla\Firefox\Profiles\orfi2m48.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/01 13:10:42 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Documents and Settings\jennifer.engeleit\Application Data\Mozilla\Firefox\Profiles\orfi2m48.default\extensions\smartlinks@getsmartlinks.com
[2011/05/02 15:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/24 11:50:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JENNIFER.ENGELEIT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ORFI2M48.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2009/07/31 15:41:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/29 08:56:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Util] C:\WINDOWS\system32\Util.exe ()
O4 - HKCU..\Run: [gSyncit] C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\jennifer.engeleit\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1250189640828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.124.14 192.168.124.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = med.touro.edu
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/09 01:44:22 | 000,000,000 | ---D | M] - X:\autorun -- [ FAT ]
O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - X:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Start Menu\Programs\Spotify
[2011/08/15 11:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\Spotify
[2011/08/15 11:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Spotify
[2011/08/15 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2011/08/08 09:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Desktop\ExamSoft Upload Sheets
[2011/08/05 13:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ExamSoft
[2011/08/01 13:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\WinZip Courier
[2011/08/01 13:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/08/01 13:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\OpenCandy
[2011/08/01 13:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Application Data\OpenCandy
[2011/08/01 09:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Desktop\Orientation
[2011/07/29 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.engeleit\Application Data\gSyncit
[2011/07/29 10:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\gSyncit
[2011/07/29 10:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fieldston Software
[2008/11/12 12:38:44 | 000,441,344 | ---- | C] ( ) -- C:\WINDOWS\System32\savst.exe
[1996/11/18 00:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/16 12:06:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3140976057-1606932115-464809206-1008UA.job
[2011/08/16 09:06:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3140976057-1606932115-464809206-1008Core.job
[2011/08/16 08:46:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 08:46:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/16 08:46:18 | 2111,401,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 17:10:53 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 17:10:53 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 17:09:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 09:07:02 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\jennifer.engeleit\Desktop\Google Chrome.lnk
[2011/08/10 09:07:02 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\jennifer.engeleit\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/08 14:55:24 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\All Users\msrecovery.cfc
[2011/08/05 13:30:22 | 000,056,131 | ---- | M] () -- C:\WINDOWS\jgzr.dat
[2011/08/05 13:10:53 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SofTest.lnk
[2011/07/21 09:26:58 | 000,000,128 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2011/07/18 09:27:59 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\jennifer.engeleit\My Documents\Student scores.xlt
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 13:10:52 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SofTest.lnk
[2011/07/18 09:27:59 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\jennifer.engeleit\My Documents\Student scores.xlt
[2011/07/14 15:28:17 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\UDLL.dll
[2011/07/14 15:28:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.dll
[2011/07/14 15:28:17 | 000,193,912 | ---- | C] () -- C:\WINDOWS\System32\U2VDisp.exe
[2011/07/14 15:28:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\U2VSvr.exe
[2011/07/14 15:28:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\Util.exe
[2011/07/14 15:28:17 | 000,175,856 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.exe
[2011/07/14 15:28:17 | 000,175,856 | ---- | C] () -- C:\WINDOWS\System32\T1PDisp.exe
[2011/07/14 15:28:17 | 000,048,154 | ---- | C] () -- C:\WINDOWS\System32\MTri1+.ini
[2011/07/14 15:28:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mctudll.dll
[2011/07/14 15:28:17 | 000,044,784 | ---- | C] () -- C:\WINDOWS\System32\T1PSvrUtil.exe
[2011/05/05 10:57:25 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 11:36:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/24 11:36:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/24 11:36:38 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/02/24 11:36:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/02/23 16:43:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/23 10:59:12 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\EditLiveForJava.ini
[2011/02/15 17:55:17 | 000,102,759 | ---- | C] () -- C:\WINDOWS\HPFins09.dat.temp
[2011/02/15 17:55:17 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat.temp
[2011/02/15 17:54:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/02/15 15:51:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011/02/10 13:17:26 | 000,102,833 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2011/02/10 13:17:26 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2011/02/10 12:06:27 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/02/10 11:45:14 | 000,056,131 | ---- | C] () -- C:\WINDOWS\jgzr.dat
[2011/02/10 11:42:39 | 000,000,128 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/02/10 11:42:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/02/10 10:00:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/10 09:56:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jennifer.engeleit\Local Settings\Application Data\WavXMapDrive.bat
[2011/02/09 16:40:51 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/02/09 16:40:51 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/09/09 20:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/31 18:30:55 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/31 18:30:55 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/31 18:30:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/07/31 18:30:08 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/31 15:55:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/31 15:50:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/31 15:43:31 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 001,571,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/30 13:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005/08/10 10:56:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESxUtil.dll
[2002/06/26 14:04:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\regperm.exe
[1996/11/18 01:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[1996/11/18 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[1996/11/18 00:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[1996/11/18 00:00:00 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[1996/11/18 00:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[1996/05/25 16:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll

========== LOP Check ==========

[2011/08/08 14:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2011/07/21 09:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/02/23 10:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PersonalBrain
[2011/02/09 15:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/08/01 13:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/07/13 13:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/31 15:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Broadcom
[2011/08/16 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\gSyncit
[2011/08/01 13:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\OpenCandy
[2011/02/15 15:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\pdf995
[2011/02/23 11:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\PersonalBrain
[2011/08/16 09:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Spotify
[2009/07/31 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Wave Systems Corp
[2009/07/31 15:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Windows Desktop Search
[2009/08/13 12:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Windows Search
[2011/06/20 10:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.engeleit\Application Data\Xerox

========== Purity Check ==========



< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello jpe228,

Welcome to the Malware forum.

Let's start by having a deeper look at part of your system. After that we will download and run a program called Malwarebytes.

Now

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it. At this stage say no to the offer to download AVAST.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

Next

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So when you return please post
  • aswMBR report
  • MBAM log


#3
jpe228

    Member

  • Topic Starter
  • Member
  • 17 posts
aswMBR Log

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 09:00:56
-----------------------------
09:00:56.397 OS Version: Windows 5.1.2600 Service Pack 3
09:00:56.397 Number of processors: 2 586 0x170A
09:00:56.397 ComputerName: OM-4510 UserName:
09:00:57.087 Initialize success
09:01:07.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:01:07.609 Disk 0 Vendor: WDC_WD40 05.0 Size: 38146MB BusType: 8
09:01:07.625 Disk 0 MBR read successfully
09:01:07.641 Disk 0 MBR scan
09:01:07.641 Disk 0 unknown MBR code
09:01:07.641 Disk 0 scanning sectors +78122952
09:01:07.703 Disk 0 scanning C:\WINDOWS\system32\drivers
09:01:13.835 Service scanning
09:01:14.854 Modules scanning
09:01:28.842 Disk 0 trace - called modules:
09:01:28.874 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:01:28.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a36f868]
09:01:28.874 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89de3028]
09:01:28.874 Scan finished successfully
09:02:43.471 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jennifer.engeleit\Desktop\MBR.dat"
09:02:43.471 The log file has been saved successfully to "C:\Documents and Settings\jennifer.engeleit\Desktop\aswMBR 8-22-11.txt"


MBAM Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7535

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/22/2011 10:14:26 AM
mbam-log-2011-08-22 (10-14-26).txt

Scan type: Quick scan
Objects scanned: 207184
Time elapsed: 17 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again jpe228,

  • C:\Documents and Settings\jennifer.engeleit\Desktop\MBR.dat
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same for this one C:\WINDOWS\jgzr.dat

#5
jpe228

    Member

  • Topic Starter
  • Member
  • 17 posts
MBR.dat

VirSCAN.org Scanned Report :
Scanned time : 2011/08/23 21:18:17 (CST)
Scanner results: Scanners did not find malware!
File Name : MBR.dat
File Size : 512 byte
File Type : x86 boot sector; partition 1
MD5 : ff40b5c764c417eb7504a9a745d75483
SHA1 : d9f98717e136479ea658d9a1b3e5fa435d34ebb9
Online report : http://r.virscan.org...4bd1ceb3eee730e

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110823060241 2011-08-23 0.29 -
AhnLab V3 2011.08.24.00 2011.08.24 2011-08-24 2.30 -
AntiVir 8.2.6.32 7.11.13.190 2011-08-23 2.26 -
Antiy 2.0.18 20110804.11725727 2011-08-04 0.02 -
Arcavir 2011 201107140423 2011-07-14 2.28 -
Authentium 5.1.1 201108230841 2011-08-23 1.52 -
AVAST! 4.7.4 110823-0 2011-08-23 0.00 -
AVG 8.5.850 271.1.1/3852 2011-08-23 0.25 -
BitDefender 7.90123.8960092 7.38745 2011-08-23 4.71 -
ClamAV 0.97.1 13468 2011-08-23 0.00 -
Comodo 5.1 9847 2011-08-23 1.81 -
CP Secure 1.3.0.5 2011.08.19 2011-08-19 0.01 -
Dr.Web 5.0.2.3300 2011.08.23 2011-08-23 15.70 -
F-Prot 4.6.2.117 20110822 2011-08-22 0.81 -
F-Secure 7.02.73807 2011.08.23.01 2011-08-23 9.74 -
Fortinet 4.2.257 13.572 2011-08-22 0.12 -
GData 22.1769 20110823 2011-08-23 0.11 -
ViRobot 20110823 2011.08.23 2011-08-23 0.37 -
Ikarus T3.1.32.20.0 2011.08.23.79163 2011-08-23 4.96 -
JiangMin 13.0.900 2011.08.22 2011-08-22 1.54 -
Kaspersky 5.5.10 2011.08.23 2011-08-23 0.06 -
KingSoft 2009.2.5.15 2011.8.23.18 2011-08-23 0.83 -
McAfee 5400.1158 6446 2011-08-22 9.74 -
Microsoft 1.7604 2011.08.23 2011-08-23 4.13 -
NOD32 3.0.21 6398 2011-08-21 0.01 -
Norman 6.07.10 6.07.00 2011-08-22 22.02 -
Panda 9.05.01 2011.08.22 2011-08-22 2.01 -
Trend Micro 9.200-1012 8.360.11 2011-08-17 0.02 -
Quick Heal 11.00 2011.08.23 2011-08-23 0.91 -
Rising 20.0 23.72.01.03 2011-08-23 1.49 -
Sophos 3.22.0 4.68 2011-08-23 3.93 -
Sunbelt 3.9.2497.2 10247 2011-08-22 0.66 -
Symantec 1.3.0.24 20110822.004 2011-08-22 0.18 -
nProtect 20110823.01 12483199 2011-08-23 1.52 -
The Hacker 6.7.0.1 v00282 2011-08-21 0.53 -
VBA32 3.12.16.4 20110822.1952 2011-08-22 3.91 -
VirusBuster 5.3.0.4 14.0.181.1/5952965 2011-08-22 0.00 -


jgzr.dat

VirSCAN.org Scanned Report :
Scanned time : 2011/08/23 21:11:31 (CST)
Scanner results: Scanners did not find malware!
File Name : jgzr.dat
File Size : 56131 byte
File Type : data
MD5 : 2d6d52f9f34b860fdd5ceccc446acea3
SHA1 : c830c0e8a8367f0ac3c81706da0e2eeaa98605d5
Online report : http://r.virscan.org...ef9e500ee8e7d95

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110823060241 2011-08-23 1.03 -
AhnLab V3 2011.08.23.00 2011.08.23 2011-08-23 12.75 -
AntiVir 8.2.6.32 7.11.13.190 2011-08-23 0.52 -
Antiy 2.0.18 20110804.11725727 2011-08-04 0.03 -
Arcavir 2011 201107140423 2011-07-14 3.49 -
Authentium 5.1.1 201108230841 2011-08-23 2.46 -
AVAST! 4.7.4 110823-0 2011-08-23 0.10 -
AVG 8.5.850 271.1.1/3852 2011-08-23 0.93 -
BitDefender 7.90123.8960092 7.38745 2011-08-23 4.87 -
ClamAV 0.97.1 13468 2011-08-23 0.01 -
Comodo 5.1 9844 2011-08-23 1.99 -
CP Secure 1.3.0.5 2011.08.19 2011-08-19 0.01 -
Dr.Web 5.0.2.3300 2011.08.23 2011-08-23 19.17 -
F-Prot 4.6.2.117 20110822 2011-08-22 2.60 -
F-Secure 7.02.73807 2011.08.23.01 2011-08-23 0.26 -
Fortinet 4.2.257 13.572 2011-08-22 0.46 -
GData 22.1768 20110823 2011-08-23 0.32 -
ViRobot 20110823 2011.08.23 2011-08-23 0.65 -
Ikarus T3.1.32.20.0 2011.08.23.79163 2011-08-23 7.06 -
JiangMin 13.0.900 2011.08.22 2011-08-22 1.52 -
Kaspersky 5.5.10 2011.08.23 2011-08-23 0.05 -
KingSoft 2009.2.5.15 2011.8.23.18 2011-08-23 0.87 -
McAfee 5400.1158 6446 2011-08-22 10.17 -
Microsoft 1.7604 2011.08.23 2011-08-23 3.33 -
NOD32 3.0.21 6398 2011-08-21 0.01 -
Norman 6.07.10 6.07.00 2011-08-22 26.04 -
Panda 9.05.01 2011.08.22 2011-08-22 2.04 -
Trend Micro 9.200-1012 8.360.11 2011-08-17 0.04 -
Quick Heal 11.00 2011.08.23 2011-08-23 1.04 -
Rising 20.0 23.72.01.03 2011-08-23 0.29 -
Sophos 3.22.0 4.68 2011-08-23 4.51 -
Sunbelt 3.9.2497.2 10247 2011-08-22 0.83 -
Symantec 1.3.0.24 20110822.004 2011-08-22 0.05 -
nProtect 20110823.01 12483199 2011-08-23 1.22 -
The Hacker 6.7.0.1 v00282 2011-08-21 0.52 -
VBA32 3.12.16.4 20110822.1952 2011-08-22 4.09 -
VirusBuster 5.3.0.4 14.0.181.1/5952965 2011-08-22 0.01 -

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again jpe228,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
jpe228

    Member

  • Topic Starter
  • Member
  • 17 posts
ComboFix Log

ComboFix 11-08-24.02 - jennifer.engeleit 08/24/2011 10:58:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.833 [GMT -4:00]
Running from: c:\documents and settings\jennifer.engeleit\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-18 17:20 . 2011-08-18 17:20 -------- d-----r- c:\documents and settings\jennifer.engeleit\My Pictures
2011-08-17 19:48 . 2011-08-17 19:48 -------- d-----w- c:\program files\e-Speaking
2011-08-15 15:40 . 2011-08-24 14:47 -------- d-----w- c:\documents and settings\jennifer.engeleit\Application Data\Spotify
2011-08-15 15:40 . 2011-08-15 15:40 -------- d-----w- c:\documents and settings\jennifer.engeleit\Local Settings\Application Data\Spotify
2011-08-15 15:40 . 2011-08-15 16:10 -------- d-----w- c:\program files\Spotify
2011-08-10 13:03 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:02 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-01 17:44 . 2011-08-01 17:44 -------- d-----w- c:\documents and settings\jennifer.engeleit\Local Settings\Application Data\WinZip Courier
2011-08-01 17:10 . 2011-08-01 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC
2011-08-01 17:10 . 2011-08-01 20:33 -------- d-----w- c:\documents and settings\jennifer.engeleit\Local Settings\Application Data\OpenCandy
2011-08-01 17:10 . 2011-08-01 17:10 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B4.TMP
2011-08-01 17:10 . 2011-08-01 17:10 -------- d-----w- c:\documents and settings\jennifer.engeleit\Application Data\OpenCandy
2011-07-29 14:27 . 2011-08-24 12:54 -------- d-----w- c:\documents and settings\jennifer.engeleit\Application Data\gSyncit
2011-07-29 14:26 . 2011-07-29 14:26 -------- d-----w- c:\program files\Fieldston Software
2011-07-27 23:03 . 2011-07-27 23:03 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-07-27 23:03 . 2011-07-27 23:03 773968 ----a-w- c:\windows\system32\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 12:50 . 2011-05-17 13:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-25 16:16 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-02-10 14:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-10 14:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:07 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-23 12:53 . 2011-05-02 19:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"gSyncit"="c:\program files\Fieldston Software\gSyncit\gsyncit.exe" [2011-07-27 165088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-08-27 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-11 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-12 186904]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2009-09-23 315736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Util"="c:\windows\system32\Util.exe" [2010-07-07 188416]
.
c:\documents and settings\jennifer.engeleit\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKLM\~\startupfolder\C:^Documents and Settings^jennifer.engeleit^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\jennifer.engeleit\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 21:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2009-02-19 15:56 796184 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-26 22:30 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [7/31/2009 6:30 PM 24064]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [9/18/2009 6:03 PM 138792]
R2 U2VSvr;U2VSvr;c:\windows\system32\U2VSvr.exe [7/14/2011 3:28 PM 192512]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [7/31/2009 3:45 PM 2066968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [7/31/2009 6:30 PM 144480]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [9/3/2009 5:24 PM 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
R3 T1PExGrp;T1PExGrp;c:\windows\system32\drivers\T1PExGrp.sys [2/23/2011 4:41 PM 30080]
R3 T1PMrGrp;T1PMrGrp;c:\windows\system32\drivers\T1PMrGrp.sys [2/23/2011 4:41 PM 30720]
R3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [7/14/2011 3:28 PM 111104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140976057-1606932115-464809206-1008Core.job
- c:\documents and settings\jennifer.engeleit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-29 13:45]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140976057-1606932115-464809206-1008UA.job
- c:\documents and settings\jennifer.engeleit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-29 13:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.124.14 192.168.124.12
TCP: Interfaces\{E1A11F94-21F4-4E69-A8B6-1854C5AC0D7D}: NameServer = 192.168.124.14,192.168.124.12
FF - ProfilePath - c:\documents and settings\jennifer.engeleit\Application Data\Mozilla\Firefox\Profiles\orfi2m48.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-08-24 11:04:58
ComboFix-quarantined-files.txt 2011-08-24 15:04
.
Pre-Run: 11,675,422,720 bytes free
Post-Run: 13,734,535,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7C3749144219A05AAB67550CABE87AC5

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello jpe228,

Where we are now.

As I see it, the symptoms your computer is displaying can be caused by a number of things. There is malware that can do it, or it can be caused by something else happening in your machine... say some sort of hardware failure or maybe even overheating.

We have checked for malware infection and while we haven't investigated everything that can be investigated there is nothing much leaping out at me.

There is one more tool we will run just to cover another base, and then we will do some other things to see if the cause is non-malware related.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
After that

Please run chkdsk.

Go to Windows XP chkdsk for some helpful instructions.

So when you return please post
  • TDSSKiller log
  • tell me if chkdsk made a difference
  • tell me, is your computer a laptop or desktop


#9
jpe228

    Member

  • Topic Starter
  • Member
  • 17 posts
TDSSKiller log

2011/08/24 16:42:05.0172 2944 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 16:42:05.0454 2944 ================================================================================
2011/08/24 16:42:05.0454 2944 SystemInfo:
2011/08/24 16:42:05.0454 2944
2011/08/24 16:42:05.0454 2944 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/24 16:42:05.0454 2944 Product type: Workstation
2011/08/24 16:42:05.0454 2944 ComputerName: OM-4510
2011/08/24 16:42:05.0454 2944 UserName: jennifer.engeleit
2011/08/24 16:42:05.0454 2944 Windows directory: C:\WINDOWS
2011/08/24 16:42:05.0454 2944 System windows directory: C:\WINDOWS
2011/08/24 16:42:05.0454 2944 Processor architecture: Intel x86
2011/08/24 16:42:05.0454 2944 Number of processors: 2
2011/08/24 16:42:05.0454 2944 Page size: 0x1000
2011/08/24 16:42:05.0454 2944 Boot type: Normal boot
2011/08/24 16:42:05.0454 2944 ================================================================================
2011/08/24 16:42:07.0766 2944 Initialize success
2011/08/24 16:42:08.0860 5528 ================================================================================
2011/08/24 16:42:08.0860 5528 Scan started
2011/08/24 16:42:08.0860 5528 Mode: Manual;
2011/08/24 16:42:08.0860 5528 ================================================================================
2011/08/24 16:42:20.0063 5528 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2011/08/24 16:42:20.0266 5528 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2011/08/24 16:42:20.0454 5528 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/08/24 16:42:20.0641 5528 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2011/08/24 16:42:20.0845 5528 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2011/08/24 16:42:21.0032 5528 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2011/08/24 16:42:21.0235 5528 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2011/08/24 16:42:21.0438 5528 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/08/24 16:42:21.0626 5528 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2011/08/24 16:42:21.0829 5528 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2011/08/24 16:42:22.0048 5528 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 16:42:22.0266 5528 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 16:42:22.0470 5528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 16:42:22.0657 5528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 16:42:22.0860 5528 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/24 16:42:23.0063 5528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 16:42:23.0251 5528 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/08/24 16:42:23.0548 5528 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/08/24 16:42:23.0751 5528 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/08/24 16:42:23.0985 5528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 16:42:24.0235 5528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/24 16:42:24.0423 5528 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 16:42:24.0626 5528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/24 16:42:24.0829 5528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/24 16:42:25.0032 5528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 16:42:25.0298 5528 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 16:42:25.0485 5528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/24 16:42:25.0688 5528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 16:42:25.0891 5528 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/24 16:42:26.0095 5528 HECI (3067edd0dd77825ac783424ec09ef29f) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/08/24 16:42:26.0313 5528 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 16:42:26.0516 5528 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/24 16:42:26.0704 5528 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/24 16:42:26.0907 5528 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/24 16:42:27.0157 5528 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/24 16:42:27.0345 5528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 16:42:27.0548 5528 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/24 16:42:27.0720 5528 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/24 16:42:28.0048 5528 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/24 16:42:28.0407 5528 iaStor (6c44fa574a17b31e12ddbbe973171728) C:\WINDOWS\system32\drivers\iaStor.sys
2011/08/24 16:42:28.0610 5528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 16:42:28.0798 5528 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/24 16:42:28.0985 5528 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/24 16:42:29.0188 5528 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/24 16:42:29.0392 5528 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/24 16:42:29.0595 5528 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 16:42:29.0782 5528 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 16:42:30.0032 5528 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 16:42:30.0235 5528 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 16:42:30.0423 5528 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 16:42:30.0626 5528 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 16:42:30.0813 5528 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 16:42:31.0001 5528 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 16:42:31.0204 5528 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/08/24 16:42:31.0407 5528 KLFLTDEV (adda474c9b18fd829a6c8351485c4842) C:\WINDOWS\system32\DRIVERS\klfltdev.sys
2011/08/24 16:42:31.0610 5528 KLIF (7391ea3fc728c3a7d2c99822d20fe11d) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/08/24 16:42:31.0813 5528 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/08/24 16:42:32.0032 5528 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 16:42:32.0220 5528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 16:42:32.0595 5528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 16:42:32.0798 5528 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 16:42:33.0001 5528 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 16:42:33.0188 5528 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 16:42:33.0454 5528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 16:42:33.0642 5528 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/24 16:42:33.0845 5528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 16:42:34.0110 5528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 16:42:34.0329 5528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 16:42:34.0517 5528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 16:42:34.0720 5528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 16:42:34.0907 5528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 16:42:35.0095 5528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 16:42:35.0282 5528 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/24 16:42:35.0501 5528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 16:42:35.0688 5528 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/24 16:42:35.0876 5528 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/08/24 16:42:36.0110 5528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 16:42:36.0298 5528 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/24 16:42:36.0485 5528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 16:42:36.0688 5528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 16:42:36.0892 5528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 16:42:37.0079 5528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 16:42:37.0282 5528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 16:42:37.0485 5528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 16:42:37.0720 5528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 16:42:37.0939 5528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 16:42:38.0173 5528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 16:42:38.0626 5528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 16:42:39.0735 5528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 16:42:40.0048 5528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 16:42:40.0329 5528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 16:42:40.0517 5528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 16:42:40.0767 5528 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2011/08/24 16:42:41.0032 5528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 16:42:41.0470 5528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 16:42:41.0704 5528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/24 16:42:42.0689 5528 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/24 16:42:43.0001 5528 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/24 16:42:43.0282 5528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 16:42:43.0579 5528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 16:42:43.0767 5528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 16:42:43.0985 5528 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/24 16:42:44.0204 5528 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/24 16:42:44.0407 5528 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/24 16:42:44.0595 5528 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/24 16:42:44.0798 5528 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/24 16:42:44.0985 5528 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/24 16:42:45.0189 5528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 16:42:45.0376 5528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 16:42:45.0579 5528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 16:42:45.0767 5528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 16:42:45.0970 5528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 16:42:46.0173 5528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 16:42:46.0376 5528 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 16:42:46.0642 5528 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 16:42:46.0845 5528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 16:42:47.0048 5528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 16:42:47.0251 5528 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 16:42:47.0454 5528 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 16:42:47.0657 5528 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2011/08/24 16:42:47.0861 5528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 16:42:48.0236 5528 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 16:42:48.0423 5528 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/24 16:42:48.0626 5528 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/24 16:42:48.0814 5528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 16:42:49.0032 5528 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 16:42:49.0236 5528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 16:42:49.0470 5528 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/24 16:42:49.0673 5528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 16:42:49.0845 5528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 16:42:50.0048 5528 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/24 16:42:50.0236 5528 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/24 16:42:50.0439 5528 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/24 16:42:50.0611 5528 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/24 16:42:50.0814 5528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 16:42:51.0001 5528 T1PExGrp (cb587873fb4f91c192806a602fe35227) C:\WINDOWS\system32\drivers\T1PExGrp.sys
2011/08/24 16:42:51.0251 5528 T1PMrGrp (ac930b97ed3e46f09ef83bfb6944e8c9) C:\WINDOWS\system32\drivers\T1PMrGrp.sys
2011/08/24 16:42:51.0454 5528 t1pusb (5de7e41f12be1666ec6d8355d03f95cd) C:\WINDOWS\system32\drivers\t1pusb.sys
2011/08/24 16:42:51.0657 5528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 16:42:51.0876 5528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 16:42:52.0079 5528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 16:42:52.0267 5528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 16:42:52.0470 5528 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/24 16:42:52.0689 5528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 16:42:52.0907 5528 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/24 16:42:53.0111 5528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 16:42:53.0329 5528 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/24 16:42:53.0564 5528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/24 16:42:53.0767 5528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/24 16:42:53.0970 5528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 16:42:54.0157 5528 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/24 16:42:54.0345 5528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 16:42:54.0548 5528 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/24 16:42:54.0751 5528 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/24 16:42:54.0939 5528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 16:42:55.0126 5528 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/24 16:42:55.0314 5528 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/24 16:42:55.0517 5528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 16:42:55.0720 5528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 16:42:56.0095 5528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 16:42:56.0298 5528 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/24 16:42:56.0501 5528 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/24 16:42:56.0517 5528 MBR (0x1B8) (93359ce5829765624456aae7002d1db1) \Device\Harddisk0\DR0
2011/08/24 16:42:56.0642 5528 Boot (0x1200) (936c5183e307e1566791ad5fbbc76212) \Device\Harddisk0\DR0\Partition0
2011/08/24 16:42:56.0642 5528 ================================================================================
2011/08/24 16:42:56.0642 5528 Scan finished
2011/08/24 16:42:56.0642 5528 ================================================================================
2011/08/24 16:42:56.0657 2912 Detected object count: 0
2011/08/24 16:42:56.0657 2912 Actual detected object count: 0

chkdsk
This did not appear to make a difference. I've been at work for about 45 minutes and my computer is already messing up.

I am running a desktop computer. I can tell you it is a Dell, but I don't know what other information you'd be looking for. I didn't think this was a malware problem initially, but the folks over at the Operating Systems forum told me to run an OTL scan and then sent me here. I would not be surprised if the problem were that I just have an old/malfunctioning computer that I have worked into the ground over the past 8 months (when my office replaced my old computer with this one). If the problem is something that I can't fix, I'll ask for a new one. Thank you so much for all your help so far.